From 1536e8b48f26f87a010d8848fff66e492f989aeb Mon Sep 17 00:00:00 2001 From: Jesse Norell Date: Thu, 9 Jul 2020 13:59:14 -0600 Subject: [PATCH 1/4] mail_forwardings alias/forward/catchall, aliasdomains in virtual_alias_{maps,domains} --- install/dist/lib/fedora.lib.php | 3 +++ install/dist/lib/opensuse.lib.php | 3 +++ install/lib/installer_base.lib.php | 3 +++ install/tpl/debian_postfix.conf.master | 4 ++-- install/tpl/fedora_postfix.conf.master | 4 ++-- install/tpl/gentoo_postfix.conf.master | 4 ++-- .../tpl/mysql-virtual_alias_domains.cf.master | 6 +++++ install/tpl/mysql-virtual_domains.cf.master | 3 ++- .../tpl/mysql-virtual_forwardings.cf.master | 24 +++++-------------- install/tpl/opensuse_postfix.conf.master | 4 ++-- 10 files changed, 31 insertions(+), 27 deletions(-) create mode 100644 install/tpl/mysql-virtual_alias_domains.cf.master diff --git a/install/dist/lib/fedora.lib.php b/install/dist/lib/fedora.lib.php index 4a7c9cfbfe..05fea64519 100644 --- a/install/dist/lib/fedora.lib.php +++ b/install/dist/lib/fedora.lib.php @@ -63,6 +63,9 @@ class installer_dist extends installer_base { //* mysql-virtual_forwardings.cf $this->process_postfix_config('mysql-virtual_forwardings.cf'); + //* mysql-virtual_alias_domains.cf + $this->process_postfix_config('mysql-virtual_alias_domains.cf'); + //* mysql-virtual_mailboxes.cf $this->process_postfix_config('mysql-virtual_mailboxes.cf'); diff --git a/install/dist/lib/opensuse.lib.php b/install/dist/lib/opensuse.lib.php index 60fb0511fd..574b38100d 100644 --- a/install/dist/lib/opensuse.lib.php +++ b/install/dist/lib/opensuse.lib.php @@ -63,6 +63,9 @@ class installer_dist extends installer_base { //* mysql-virtual_forwardings.cf $this->process_postfix_config('mysql-virtual_forwardings.cf'); + //* mysql-virtual_alias_domains.cf + $this->process_postfix_config('mysql-virtual_alias_domains.cf'); + //* mysql-virtual_mailboxes.cf $this->process_postfix_config('mysql-virtual_mailboxes.cf'); diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index 81b1257db0..0476c92330 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php @@ -960,6 +960,9 @@ class installer_base { //* mysql-virtual_forwardings.cf $this->process_postfix_config('mysql-virtual_forwardings.cf'); + //* mysql-virtual_alias_domains.cf + $this->process_postfix_config('mysql-virtual_alias_domains.cf'); + //* mysql-virtual_mailboxes.cf $this->process_postfix_config('mysql-virtual_mailboxes.cf'); diff --git a/install/tpl/debian_postfix.conf.master b/install/tpl/debian_postfix.conf.master index 1c739a5c7e..c1a5baa71d 100644 --- a/install/tpl/debian_postfix.conf.master +++ b/install/tpl/debian_postfix.conf.master @@ -1,7 +1,7 @@ alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases -virtual_alias_domains = -virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf +virtual_alias_domains = proxy:mysql:{config_dir}/mysql-virtual_alias_domains.cf +virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_alias_domains.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf virtual_mailbox_domains = proxy:mysql:{config_dir}/mysql-virtual_domains.cf virtual_mailbox_maps = proxy:mysql:{config_dir}/mysql-virtual_mailboxes.cf virtual_mailbox_base = {vmail_mailbox_base} diff --git a/install/tpl/fedora_postfix.conf.master b/install/tpl/fedora_postfix.conf.master index d504c6ed56..5b53b9a45f 100644 --- a/install/tpl/fedora_postfix.conf.master +++ b/install/tpl/fedora_postfix.conf.master @@ -1,5 +1,5 @@ -virtual_alias_domains = -virtual_alias_maps = hash:/etc/mailman/virtual-mailman, proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf +virtual_alias_domains = proxy:mysql:{config_dir}/mysql-virtual_alias_domains.cf +virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_alias_domains.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf virtual_mailbox_domains = proxy:mysql:{config_dir}/mysql-virtual_domains.cf virtual_mailbox_maps = proxy:mysql:{config_dir}/mysql-virtual_mailboxes.cf virtual_mailbox_base = {vmail_mailbox_base} diff --git a/install/tpl/gentoo_postfix.conf.master b/install/tpl/gentoo_postfix.conf.master index cad2b97c3c..a326051d5e 100644 --- a/install/tpl/gentoo_postfix.conf.master +++ b/install/tpl/gentoo_postfix.conf.master @@ -1,5 +1,5 @@ -virtual_alias_domains = -virtual_alias_maps = proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf +virtual_alias_domains = proxy:mysql:{config_dir}/mysql-virtual_alias_domains.cf +virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_alias_domains.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf virtual_mailbox_domains = proxy:mysql:{config_dir}/mysql-virtual_domains.cf virtual_mailbox_maps = proxy:mysql:{config_dir}/mysql-virtual_mailboxes.cf virtual_mailbox_base = {vmail_mailbox_base} diff --git a/install/tpl/mysql-virtual_alias_domains.cf.master b/install/tpl/mysql-virtual_alias_domains.cf.master new file mode 100644 index 0000000000..e55fd8ea8d --- /dev/null +++ b/install/tpl/mysql-virtual_alias_domains.cf.master @@ -0,0 +1,6 @@ +user = {mysql_server_ispconfig_user} +password = {mysql_server_ispconfig_password} +dbname = {mysql_server_database} +hosts = {mysql_server_ip} +query = SELECT destination FROM mail_forwarding + WHERE source = '@%d' AND type = 'aliasdomain' AND active = 'y' AND server_id = {server_id} diff --git a/install/tpl/mysql-virtual_domains.cf.master b/install/tpl/mysql-virtual_domains.cf.master index 0d1793a95a..11ccb046ef 100644 --- a/install/tpl/mysql-virtual_domains.cf.master +++ b/install/tpl/mysql-virtual_domains.cf.master @@ -2,4 +2,5 @@ user = {mysql_server_ispconfig_user} password = {mysql_server_ispconfig_password} dbname = {mysql_server_database} hosts = {mysql_server_ip} -query = select domain from mail_domain where domain = '%s' and active = 'y' and server_id = {server_id} +query = SELECT domain FROM mail_domain WHERE domain = '%s' AND active = 'y' AND server_id = {server_id} + AND NOT EXISTS (SELECT source FROM mail_forwarding WHERE source = '@%s' AND type = 'aliasdomain' AND active = 'y' AND server_id = {server_id}) diff --git a/install/tpl/mysql-virtual_forwardings.cf.master b/install/tpl/mysql-virtual_forwardings.cf.master index 04a94ee634..9ab6f3e860 100644 --- a/install/tpl/mysql-virtual_forwardings.cf.master +++ b/install/tpl/mysql-virtual_forwardings.cf.master @@ -2,22 +2,10 @@ user = {mysql_server_ispconfig_user} password = {mysql_server_ispconfig_password} dbname = {mysql_server_database} hosts = {mysql_server_ip} -query = SELECT u.email as target FROM mail_forwarding as s - INNER JOIN mail_user as u ON (u.email = CONCAT('%u@', SUBSTRING_INDEX(s.destination,'@',-1))) - WHERE s.source = '@%d' AND s.type = 'aliasdomain' AND s.active = 'y' AND u.disabledeliver = 'n' AND s.server_id = {server_id} +query = SELECT s.destination AS target FROM mail_forwarding AS s + WHERE s.source = '%s' AND s.type IN ('alias', 'forward') AND s.active = 'y' AND s.server_id = {server_id} UNION - SELECT s.destination as target FROM mail_forwarding as s - WHERE s.source = '%s' AND s.type IN ('alias', 'forward') and s.active = 'y' AND s.server_id = {server_id} - UNION - SELECT s.destination as target FROM mail_forwarding as s - INNER JOIN mail_forwarding as f ON (f.source = CONCAT('%u@', SUBSTRING_INDEX(s.destination,'@',-1))) - WHERE s.source = '@%d' AND s.type = 'aliasdomain' AND s.active = 'y' AND f.active = 'y' AND s.server_id = {server_id} - UNION - SELECT s.destination as target FROM mail_forwarding as s - LEFT JOIN mail_user as uu ON (uu.email = '%s' AND uu.disabledeliver = 'n') - LEFT JOIN mail_forwarding as uf ON (uf.source = '%s' AND uf.type IN ('alias', 'forward') AND uf.active = 'y') - WHERE s.source = '@%d' AND s.type IN ('catchall') and s.active = 'y' AND uu.mailuser_id IS NULL AND uf.forwarding_id IS NULL AND s.server_id = {server_id} - UNION - SELECT s.destination as target FROM mail_forwarding as s - INNER JOIN mail_forwarding as t ON (t.source = s.destination AND t.type = 'catchall') - WHERE s.source = '@%d' AND s.type = 'aliasdomain' and s.active = 'y' AND t.active = 'y' AND s.server_id = {server_id} + SELECT s.destination AS target FROM mail_forwarding AS s + WHERE s.source = '@%d' AND s.type = 'catchall' AND s.active = 'y' AND s.server_id = {server_id} + AND NOT EXISTS (SELECT email FROM mail_user WHERE email = '%s' AND server_id = {server_id}) + AND NOT EXISTS (SELECT source FROM mail_forwarding WHERE source = '%s' AND active = 'y' AND server_id = {server_id}) diff --git a/install/tpl/opensuse_postfix.conf.master b/install/tpl/opensuse_postfix.conf.master index c59d46fa97..ea4375b6ac 100644 --- a/install/tpl/opensuse_postfix.conf.master +++ b/install/tpl/opensuse_postfix.conf.master @@ -1,7 +1,7 @@ alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases -virtual_alias_domains = -virtual_alias_maps = hash:/etc/mailman/virtual-mailman, proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf +virtual_alias_domains = proxy:mysql:{config_dir}/mysql-virtual_alias_domains.cf +virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_alias_domains.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf virtual_mailbox_domains = proxy:mysql:{config_dir}/mysql-virtual_domains.cf virtual_mailbox_maps = proxy:mysql:{config_dir}/mysql-virtual_mailboxes.cf virtual_mailbox_base = {vmail_mailbox_base} -- GitLab From 015a175f9fbee0399ec31cfc7e2dae7943495c67 Mon Sep 17 00:00:00 2001 From: Jesse Norell Date: Tue, 14 Jul 2020 13:43:43 -0600 Subject: [PATCH 2/4] use reject_unverified_recipient with lmtp --- install/dist/lib/fedora.lib.php | 3 ++ install/dist/lib/opensuse.lib.php | 3 ++ install/lib/installer_base.lib.php | 42 +++++++++++++-- install/tpl/debian_postfix.conf.master | 6 ++- install/tpl/fedora_postfix.conf.master | 6 ++- install/tpl/gentoo_postfix.conf.master | 6 ++- install/tpl/mysql-verify_recipients.cf.master | 5 ++ install/tpl/opensuse_postfix.conf.master | 6 ++- .../postfix_server_plugin.inc.php | 53 ++++++++++++++----- 9 files changed, 105 insertions(+), 25 deletions(-) create mode 100644 install/tpl/mysql-verify_recipients.cf.master diff --git a/install/dist/lib/fedora.lib.php b/install/dist/lib/fedora.lib.php index 05fea64519..9ffc7d0ef4 100644 --- a/install/dist/lib/fedora.lib.php +++ b/install/dist/lib/fedora.lib.php @@ -105,6 +105,9 @@ class installer_dist extends installer_base { //* mysql-virtual_uids.cf $this->process_postfix_config('mysql-virtual_uids.cf'); + //* mysql-virtual_alias_domains.cf + $this->process_postfix_config('mysql-verify_recipients.cf'); + //* postfix-dkim $filename='tag_as_originating.re'; $full_file_name=$config_dir.'/'.$filename; diff --git a/install/dist/lib/opensuse.lib.php b/install/dist/lib/opensuse.lib.php index 574b38100d..15ab5b6e91 100644 --- a/install/dist/lib/opensuse.lib.php +++ b/install/dist/lib/opensuse.lib.php @@ -102,6 +102,9 @@ class installer_dist extends installer_base { //* mysql-virtual_uids.cf $this->process_postfix_config('mysql-virtual_uids.cf'); + //* mysql-virtual_alias_domains.cf + $this->process_postfix_config('mysql-verify_recipients.cf'); + //* postfix-dkim $filename='tag_as_originating.re'; $full_file_name=$config_dir.'/'.$filename; diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index 0476c92330..c02a33eebb 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php @@ -1002,6 +1002,9 @@ class installer_base { //* mysql-virtual_uids.cf $this->process_postfix_config('mysql-virtual_uids.cf'); + //* mysql-virtual_alias_domains.cf + $this->process_postfix_config('mysql-verify_recipients.cf'); + // test if lmtp if available $configure_lmtp = $this->get_postfix_service('lmtp','unix'); @@ -1340,6 +1343,8 @@ class installer_base { } $config_dir = $conf['postfix']['config_dir']; + $postfix_version = `postconf -d mail_version 2>/dev/null`; + $postfix_version = preg_replace( '/mail_version\s*=\s*(.*)\s*/', '$1', $postfix_version ); //* Configure master.cf and add a line for deliver if(!$this->get_postfix_service('dovecot', 'unix')) { @@ -1351,7 +1356,7 @@ class installer_base { chmod($config_dir.'/master.cf~2', 0400); } //* Configure master.cf and add a line for deliver - $content = rf($conf["postfix"]["config_dir"].'/master.cf'); + $content = rf($config_dir.'/master.cf'); $deliver_content = 'dovecot unix - n n - - pipe'."\n".' flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}'."\n"; af($config_dir.'/master.cf', $deliver_content); unset($content); @@ -1368,7 +1373,31 @@ class installer_base { ); // Make a backup copy of the main.cf file - copy($conf['postfix']['config_dir'].'/main.cf', $conf['postfix']['config_dir'].'/main.cf~3'); + copy($config_dir.'/main.cf', $config_dir.'/main.cf~3'); + + $options = explode(",", exec("postconf -h smtpd_recipient_restrictions")); + $new_options = array(); + foreach ($options as $value) { + if (($value = trim($value)) == '') continue; + if (preg_match("|check_recipient_access\s+proxy:mysql:${config_dir}/mysql-verify_recipients.cf|", $value)) { + continue; + } + $new_options[] = $value; + } + if ($configure_lmtp) { + for ($i = 0; isset($new_options[$i]); $i++) { + if ($new_options[$i] == 'reject_unlisted_recipient') { + array_splice($new_options, $i+1, 0, array("check_recipient_access proxy:mysql:${config_dir}/mysql-verify_recipients.cf")); + break; + } + } + # postfix < 3.3 needs this when using reject_unverified_recipient: + if(version_compare($postfix_version, 3.3, '<')) { + $postconf_commands[] = "enable_original_recipient = yes"; + } + } + #exec("postconf -e 'smtpd_recipient_restrictions = ".implode(", ", $new_options)."'"); + $postconf_commands[] = "smtpd_recipient_restrictions = ".implode(", ", $new_options); // Executing the postconf commands foreach($postconf_commands as $cmd) { @@ -1608,12 +1637,15 @@ class installer_base { exec("postconf -e 'smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, permit_mynetworks, permit_sasl_authenticated'"); + + $options = explode(",", exec("postconf -h smtpd_recipient_restrictions")); $new_options = array(); - $options = preg_split("/,\s*/", exec("postconf -h smtpd_recipient_restrictions")); foreach ($options as $value) { - if (!preg_match('/check_policy_service\s+inet:127.0.0.1:10023/', $value)) { - $new_options[] = $value; + if (($value = trim($value)) == '') continue; + if (preg_match('/check_policy_service\s+inet:127.0.0.1:10023/', $value)) { + continue; } + $new_options[] = $value; } exec("postconf -e 'smtpd_recipient_restrictions = ".implode(", ", $new_options)."'"); diff --git a/install/tpl/debian_postfix.conf.master b/install/tpl/debian_postfix.conf.master index c1a5baa71d..d3df3ab568 100644 --- a/install/tpl/debian_postfix.conf.master +++ b/install/tpl/debian_postfix.conf.master @@ -15,7 +15,7 @@ broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 -smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status +smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = {config_dir}/smtpd.cert @@ -24,7 +24,7 @@ transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:{conf relay_domains = mysql:{config_dir}/mysql-virtual_relaydomains.cf relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf -proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps +proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $smtpd_recipient_restrictions smtpd_helo_required = yes smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo smtpd_sender_restrictions = check_sender_access regexp:{config_dir}/tag_as_originating.re {reject_slm}, permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf, check_sender_access regexp:{config_dir}/tag_as_foreign.re @@ -44,3 +44,5 @@ smtpd_tls_protocols = !SSLv2,!SSLv3 smtp_tls_protocols = !SSLv2,!SSLv3 smtpd_tls_exclude_ciphers = RC4, aNULL smtp_tls_exclude_ciphers = RC4, aNULL +# needed for postfix < 3.3 when using reject_unverified_recipient (lmtp): +enable_original_recipient = yes diff --git a/install/tpl/fedora_postfix.conf.master b/install/tpl/fedora_postfix.conf.master index 5b53b9a45f..e6f43b01e8 100644 --- a/install/tpl/fedora_postfix.conf.master +++ b/install/tpl/fedora_postfix.conf.master @@ -11,7 +11,7 @@ broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 -smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status +smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = {config_dir}/smtpd.cert @@ -20,7 +20,7 @@ transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:{conf relay_domains = mysql:{config_dir}/mysql-virtual_relaydomains.cf relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf -proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps +proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $smtpd_recipient_restrictions smtpd_helo_required = yes smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo smtpd_sender_restrictions = check_sender_access regexp:{config_dir}/tag_as_originating.re {reject_slm}, permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf, check_sender_access regexp:{config_dir}/tag_as_foreign.re @@ -40,3 +40,5 @@ smtpd_tls_protocols = !SSLv2,!SSLv3 smtp_tls_protocols = !SSLv2,!SSLv3 smtpd_tls_exclude_ciphers = RC4, aNULL smtp_tls_exclude_ciphers = RC4, aNULL +# needed for postfix < 3.3 when using reject_unverified_recipient (lmtp): +enable_original_recipient = yes diff --git a/install/tpl/gentoo_postfix.conf.master b/install/tpl/gentoo_postfix.conf.master index a326051d5e..0f6ee7301b 100644 --- a/install/tpl/gentoo_postfix.conf.master +++ b/install/tpl/gentoo_postfix.conf.master @@ -10,7 +10,7 @@ broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 -smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status +smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = {config_dir}/smtpd.cert @@ -19,7 +19,7 @@ transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:{conf relay_domains = mysql:{config_dir}/mysql-virtual_relaydomains.cf relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf -proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps +proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $smtpd_recipient_restrictions smtpd_helo_required = yes smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo smtpd_sender_restrictions = check_sender_access regexp:{config_dir}/tag_as_originating.re {reject_slm}, permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf, check_sender_access regexp:{config_dir}/tag_as_foreign.re @@ -39,3 +39,5 @@ smtpd_tls_protocols = !SSLv2,!SSLv3 smtp_tls_protocols = !SSLv2,!SSLv3 smtpd_tls_exclude_ciphers = RC4, aNULL smtp_tls_exclude_ciphers = RC4, aNULL +# needed for postfix < 3.3 when using reject_unverified_recipient (lmtp): +enable_original_recipient = yes diff --git a/install/tpl/mysql-verify_recipients.cf.master b/install/tpl/mysql-verify_recipients.cf.master new file mode 100644 index 0000000000..2b433491d8 --- /dev/null +++ b/install/tpl/mysql-verify_recipients.cf.master @@ -0,0 +1,5 @@ +user = {mysql_server_ispconfig_user} +password = {mysql_server_ispconfig_password} +dbname = {mysql_server_database} +hosts = {mysql_server_ip} +query = SELECT 'reject_unverified_recipient' FROM mail_domain WHERE domain = '%s' AND active = 'y' AND server_id = {server_id} diff --git a/install/tpl/opensuse_postfix.conf.master b/install/tpl/opensuse_postfix.conf.master index ea4375b6ac..d29c3d1b05 100644 --- a/install/tpl/opensuse_postfix.conf.master +++ b/install/tpl/opensuse_postfix.conf.master @@ -13,7 +13,7 @@ broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 -smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status +smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = {config_dir}/smtpd.cert @@ -22,7 +22,7 @@ transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:{conf relay_domains = mysql:{config_dir}/mysql-virtual_relaydomains.cf relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf -proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps +proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $smtpd_recipient_restrictions smtpd_helo_required = yes smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo smtpd_sender_restrictions = check_sender_access regexp:{config_dir}/tag_as_originating.re {reject_slm}, permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf, check_sender_access regexp:{config_dir}/tag_as_foreign.re @@ -42,3 +42,5 @@ smtpd_tls_protocols = !SSLv2,!SSLv3 smtp_tls_protocols = !SSLv2,!SSLv3 smtpd_tls_exclude_ciphers = RC4, aNULL smtp_tls_exclude_ciphers = RC4, aNULL +# needed for postfix < 3.3 when using reject_unverified_recipient (lmtp): +enable_original_recipient = yes diff --git a/server/plugins-available/postfix_server_plugin.inc.php b/server/plugins-available/postfix_server_plugin.inc.php index 80db1c102a..757ee5e72f 100644 --- a/server/plugins-available/postfix_server_plugin.inc.php +++ b/server/plugins-available/postfix_server_plugin.inc.php @@ -33,9 +33,6 @@ class postfix_server_plugin { var $plugin_name = 'postfix_server_plugin'; var $class_name = 'postfix_server_plugin'; - - var $postfix_config_dir = '/etc/postfix'; - //* This function is called during ispconfig installation to determine // if a symlink shall be created for this plugin. function onInstall() { @@ -79,8 +76,13 @@ class postfix_server_plugin { $old_ini_data = $app->ini_parser->parse_ini_string($data['old']['config']); $mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail'); + // Get postfix version + exec('postconf -d mail_version 2>&1', $out); + $postfix_version = preg_replace('/.*=\s*/', '', $out[0]); + unset($out); + copy('/etc/postfix/main.cf', '/etc/postfix/main.cf~'); - + if ($mail_config['relayhost'].$mail_config['relayhost_user'].$mail_config['relayhost_password'] != $old_ini_data['mail']['relayhost'].$old_ini_data['mail']['relayhost_user'].$old_ini_data['mail']['relayhost_password']) { $content = file_exists('/etc/postfix/sasl_passwd') ? file_get_contents('/etc/postfix/sasl_passwd') : ''; $content = preg_replace('/^'.preg_quote($old_ini_data['email']['relayhost']).'\s+[^\n]*(:?\n|)/m','',$content); @@ -112,17 +114,18 @@ class postfix_server_plugin { if($rbl_hosts != ''){ $rbl_hosts = explode(",", $rbl_hosts); } - $options = preg_split("/,\s*/", exec("postconf -h smtpd_recipient_restrictions")); + $options = explode(",", exec("postconf -h smtpd_recipient_restrictions")); $new_options = array(); foreach ($options as $key => $value) { + if (($value = trim($value)) == '') continue; if (!preg_match('/reject_rbl_client/', $value)) { $new_options[] = $value; } else { if(is_array($rbl_hosts) && !empty($rbl_hosts) && !$rbl_updated){ $rbl_updated = true; - foreach ($rbl_hosts as $key => $value) { - $value = trim($value); - if($value != '') $new_options[] = "reject_rbl_client ".$value; + foreach ($rbl_hosts as $key2 => $value2) { + $value2 = trim($value2); + if($value2 != '') $new_options[] = "reject_rbl_client ".$value2; } } } @@ -190,6 +193,30 @@ class postfix_server_plugin { } } + $postfix_config_dir = $conf['postfix']['config_dir']; + $new_options = array(); + $options = explode(",", exec("postconf -h smtpd_recipient_restrictions")); + foreach ($options as $key => $value) { + if (($value = trim($value)) == '') continue; + if (preg_match("|check_recipient_access\s+proxy:mysql:${postfix_config_dir}/mysql-verify_recipients.cf|", $value)) { + continue; + } + $new_options[] = $value; + } + if (defined($configure_lmtp) && $configure_lmtp) { + for ($i = 0; isset($new_options[$i]); $i++) { + if ($new_options[$i] == 'reject_unlisted_recipient') { + array_splice($new_options, $i+1, 0, array("check_recipient_access proxy:mysql:${postfix_config_dir}/mysql-verify_recipients.cf")); + break; + } + } + # postfix < 3.3 needs this when using reject_unverified_recipient: + if(version_compare($postfix_version, 3.3, '<')) { + exec("postconf -e 'enable_original_recipient = yes'"); + } + } + exec("postconf -e 'smtpd_recipient_restrictions = ".implode(", ", $new_options)."'"); + if($mail_config['content_filter'] != $old_ini_data['mail']['content_filter']) { if($mail_config['content_filter'] == 'rspamd'){ exec("postconf -X 'receive_override_options'"); @@ -204,11 +231,13 @@ class postfix_server_plugin { exec("postconf -e 'smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, permit_mynetworks, permit_sasl_authenticated'"); $new_options = array(); - $options = preg_split("/,\s*/", exec("postconf -h smtpd_recipient_restrictions")); + $options = explode(",", exec("postconf -h smtpd_recipient_restrictions")); foreach ($options as $key => $value) { - if (!preg_match('/check_policy_service\s+inet:127.0.0.1:10023/', $value)) { - $new_options[] = $value; + if (($value = trim($value)) == '') continue; + if (preg_match('/check_policy_service\s+inet:127.0.0.1:10023/', $value)) { + continue; } + $new_options[] = $value; } exec("postconf -e 'smtpd_recipient_restrictions = ".implode(", ", $new_options)."'"); @@ -235,7 +264,7 @@ class postfix_server_plugin { exec("postconf -e 'receive_override_options = no_address_mappings'"); exec("postconf -e 'content_filter = " . ($configure_lmtp ? "lmtp" : "amavis" ) . ":[127.0.0.1]:10024'"); - exec("postconf -e 'smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, check_sender_access regexp:/etc/postfix/tag_as_foreign.re'"); + exec("postconf -e 'smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, check_sender_access regexp:/etc/postfix/tag_as_foreign.re'"); } } -- GitLab From c0651edf42b4cd461fa4b4cc3423d51ca1fcac66 Mon Sep 17 00:00:00 2001 From: Jesse Norell Date: Wed, 15 Jul 2020 10:55:29 -0600 Subject: [PATCH 3/4] fix issues from MR 1053 review --- install/lib/installer_base.lib.php | 28 +++++++++++-------- .../postfix_server_plugin.inc.php | 23 ++++++++------- 2 files changed, 29 insertions(+), 22 deletions(-) diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index c02a33eebb..265dd8c583 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php @@ -876,8 +876,8 @@ class installer_base { $postfix_service = @($out[0]=='')?false:true; } else { //* fallback - Postfix < 2.9 $content = rf($conf['postfix']['config_dir'].'/master.cf'); - $regex = "/^((?!#)".$service.".*".$type.".*)$/m"; - $postfix_service = @(preg_match($regex, $content))?true:false; + $quoted_regex = "^((?!#)".preg_quote($service, '/').".*".preg_quote($type, '/').".*)$"; + $postfix_service = @(preg_match("/$quoted_regex/m", $content))?true:false; } return $postfix_service; @@ -915,10 +915,11 @@ class installer_base { while ( !feof( $cf ) ) { $line = fgets( $cf ); + $quoted_regex = '^'.preg_quote($service, '/').'\s+'.preg_quote($type, '/'); if ( $reading_service ) { # regex matches a new service or "empty" (whitespace) line if ( preg_match( '/^([^\s#]+.*|\s*)$/', $line ) && - ! preg_match( '/^'.$service.'\s+'.$type.'/', $line ) ) { + ! preg_match( "/$quoted_regex/", $line ) ) { $out .= $line; $reading_service = false; } @@ -926,7 +927,7 @@ class installer_base { # $skipped_lines .= $line; # regex matches definition matching service to be removed - } else if ( preg_match( '/^'.$service.'\s+'.$type.'/', $line ) ) { + } else if ( preg_match( "/$quoted_regex/", $line ) ) { $reading_service = true; # $skipped_lines .= $line; @@ -1157,13 +1158,13 @@ class installer_base { if(is_file('/var/run/courier/authdaemon/')) caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command); //* Check maildrop service in posfix master.cf - $regex = "/^maildrop unix.*pipe flags=DRhu user=vmail argv=\\/usr\\/bin\\/maildrop -d ".$cf['vmail_username']." \\$\{extension} \\$\{recipient} \\$\{user} \\$\{nexthop} \\$\{sender}/"; + $quoted_regex = '^maildrop unix.*pipe flags=DRhu user=vmail '.preg_quote('argv=/usr/bin/maildrop -d '.$cf['vmail_username'].' ${extension} ${recipient} ${user} ${nexthop} ${sender}', '/'); $configfile = $config_dir.'/master.cf'; if($this->get_postfix_service('maildrop', 'unix')) { exec ("postconf -M maildrop.unix 2> /dev/null", $out, $ret); - $change_maildrop_flags = @(preg_match($regex, $out[0]) && $out[0] !='')?false:true; + $change_maildrop_flags = @(preg_match("/$quoted_regex/", $out[0]) && $out[0] !='')?false:true; } else { - $change_maildrop_flags = @(preg_match($regex, $configfile))?false:true; + $change_maildrop_flags = @(preg_match("/$quoted_regex/", $configfile))?false:true; } if ($change_maildrop_flags) { //* Change maildrop service in posfix master.cf @@ -1343,6 +1344,7 @@ class installer_base { } $config_dir = $conf['postfix']['config_dir']; + $quoted_config_dir = preg_quote($config_dir, '/'); $postfix_version = `postconf -d mail_version 2>/dev/null`; $postfix_version = preg_replace( '/mail_version\s*=\s*(.*)\s*/', '$1', $postfix_version ); @@ -1375,11 +1377,12 @@ class installer_base { // Make a backup copy of the main.cf file copy($config_dir.'/main.cf', $config_dir.'/main.cf~3'); - $options = explode(",", exec("postconf -h smtpd_recipient_restrictions")); + $options = preg_split("/,\s*/", exec("postconf -h smtpd_recipient_restrictions")); $new_options = array(); foreach ($options as $value) { - if (($value = trim($value)) == '') continue; - if (preg_match("|check_recipient_access\s+proxy:mysql:${config_dir}/mysql-verify_recipients.cf|", $value)) { + $value = trim($value); + if ($value == '') continue; + if (preg_match("|check_recipient_access\s+proxy:mysql:${quoted_config_dir}/mysql-verify_recipients.cf|", $value)) { continue; } $new_options[] = $value; @@ -1638,10 +1641,11 @@ class installer_base { exec("postconf -e 'smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, permit_mynetworks, permit_sasl_authenticated'"); - $options = explode(",", exec("postconf -h smtpd_recipient_restrictions")); + $options = preg_split("/,\s*/", exec("postconf -h smtpd_recipient_restrictions")); $new_options = array(); foreach ($options as $value) { - if (($value = trim($value)) == '') continue; + $value = trim($value); + if ($value == '') continue; if (preg_match('/check_policy_service\s+inet:127.0.0.1:10023/', $value)) { continue; } diff --git a/server/plugins-available/postfix_server_plugin.inc.php b/server/plugins-available/postfix_server_plugin.inc.php index 757ee5e72f..5a0b222a24 100644 --- a/server/plugins-available/postfix_server_plugin.inc.php +++ b/server/plugins-available/postfix_server_plugin.inc.php @@ -85,7 +85,7 @@ class postfix_server_plugin { if ($mail_config['relayhost'].$mail_config['relayhost_user'].$mail_config['relayhost_password'] != $old_ini_data['mail']['relayhost'].$old_ini_data['mail']['relayhost_user'].$old_ini_data['mail']['relayhost_password']) { $content = file_exists('/etc/postfix/sasl_passwd') ? file_get_contents('/etc/postfix/sasl_passwd') : ''; - $content = preg_replace('/^'.preg_quote($old_ini_data['email']['relayhost']).'\s+[^\n]*(:?\n|)/m','',$content); + $content = preg_replace('/^'.preg_quote($old_ini_data['email']['relayhost'], '/').'\s+[^\n]*(:?\n|)/m','',$content); if (!empty($mail_config['relayhost_user']) || !empty($mail_config['relayhost_password'])) { $content .= "\n".$mail_config['relayhost'].' '.$mail_config['relayhost_user'].':'.$mail_config['relayhost_password']; @@ -114,10 +114,11 @@ class postfix_server_plugin { if($rbl_hosts != ''){ $rbl_hosts = explode(",", $rbl_hosts); } - $options = explode(",", exec("postconf -h smtpd_recipient_restrictions")); + $options = preg_split("/,\s*/", exec("postconf -h smtpd_recipient_restrictions")); $new_options = array(); foreach ($options as $key => $value) { - if (($value = trim($value)) == '') continue; + $value = trim($value); + if ($value == '') continue; if (!preg_match('/reject_rbl_client/', $value)) { $new_options[] = $value; } else { @@ -142,7 +143,7 @@ class postfix_server_plugin { } if($mail_config['reject_sender_login_mismatch'] != $old_ini_data['mail']['reject_sender_login_mismatch']) { - $options = explode(", ", exec("postconf -h smtpd_sender_restrictions")); + $options = preg_split("/,\s*/", exec("postconf -h smtpd_sender_restrictions")); $new_options = array(); foreach ($options as $key => $value) { if (!preg_match('/reject_authenticated_sender_login_mismatch/', $value)) { @@ -193,12 +194,13 @@ class postfix_server_plugin { } } - $postfix_config_dir = $conf['postfix']['config_dir']; + $quoted_postfix_config_dir = preg_quote($conf['postfix']['config_dir'], '|'); $new_options = array(); - $options = explode(",", exec("postconf -h smtpd_recipient_restrictions")); + $options = preg_split("/,\s*/", exec("postconf -h smtpd_recipient_restrictions")); foreach ($options as $key => $value) { - if (($value = trim($value)) == '') continue; - if (preg_match("|check_recipient_access\s+proxy:mysql:${postfix_config_dir}/mysql-verify_recipients.cf|", $value)) { + $value = trim($value); + if ($value == '') continue; + if (preg_match("|check_recipient_access\s+proxy:mysql:${quoted_postfix_config_dir}/mysql-verify_recipients.cf|", $value)) { continue; } $new_options[] = $value; @@ -231,9 +233,10 @@ class postfix_server_plugin { exec("postconf -e 'smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, permit_mynetworks, permit_sasl_authenticated'"); $new_options = array(); - $options = explode(",", exec("postconf -h smtpd_recipient_restrictions")); + $options = preg_split("/,\s*/", exec("postconf -h smtpd_recipient_restrictions")); foreach ($options as $key => $value) { - if (($value = trim($value)) == '') continue; + $value = trim($value); + if ($value == '') continue; if (preg_match('/check_policy_service\s+inet:127.0.0.1:10023/', $value)) { continue; } -- GitLab From 67452af5eb9c395f5d403396983d9226a6ef020e Mon Sep 17 00:00:00 2001 From: Jesse Norell Date: Thu, 23 Jul 2020 12:25:20 -0600 Subject: [PATCH 4/4] remove reject_unlisted_recipient --- install/tpl/debian_postfix.conf.master | 2 +- install/tpl/fedora_postfix.conf.master | 2 +- install/tpl/gentoo_postfix.conf.master | 2 +- install/tpl/opensuse_postfix.conf.master | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/install/tpl/debian_postfix.conf.master b/install/tpl/debian_postfix.conf.master index d3df3ab568..169826747d 100644 --- a/install/tpl/debian_postfix.conf.master +++ b/install/tpl/debian_postfix.conf.master @@ -15,7 +15,7 @@ broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 -smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status +smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = {config_dir}/smtpd.cert diff --git a/install/tpl/fedora_postfix.conf.master b/install/tpl/fedora_postfix.conf.master index e6f43b01e8..1c78e858be 100644 --- a/install/tpl/fedora_postfix.conf.master +++ b/install/tpl/fedora_postfix.conf.master @@ -11,7 +11,7 @@ broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 -smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status +smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = {config_dir}/smtpd.cert diff --git a/install/tpl/gentoo_postfix.conf.master b/install/tpl/gentoo_postfix.conf.master index 0f6ee7301b..84d404d15b 100644 --- a/install/tpl/gentoo_postfix.conf.master +++ b/install/tpl/gentoo_postfix.conf.master @@ -10,7 +10,7 @@ broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 -smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status +smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = {config_dir}/smtpd.cert diff --git a/install/tpl/opensuse_postfix.conf.master b/install/tpl/opensuse_postfix.conf.master index d29c3d1b05..f2d2a4403b 100644 --- a/install/tpl/opensuse_postfix.conf.master +++ b/install/tpl/opensuse_postfix.conf.master @@ -13,7 +13,7 @@ broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 -smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status +smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = {config_dir}/smtpd.cert -- GitLab