diff --git a/install/dist/lib/fedora.lib.php b/install/dist/lib/fedora.lib.php
index 4a7c9cfbfe2f831795ffd9fa33f8569f43b5b306..9ffc7d0ef4fea39a70ff8fde2a893f070c23044a 100644
--- a/install/dist/lib/fedora.lib.php
+++ b/install/dist/lib/fedora.lib.php
@@ -63,6 +63,9 @@ class installer_dist extends installer_base {
//* mysql-virtual_forwardings.cf
$this->process_postfix_config('mysql-virtual_forwardings.cf');
+ //* mysql-virtual_alias_domains.cf
+ $this->process_postfix_config('mysql-virtual_alias_domains.cf');
+
//* mysql-virtual_mailboxes.cf
$this->process_postfix_config('mysql-virtual_mailboxes.cf');
@@ -102,6 +105,9 @@ class installer_dist extends installer_base {
//* mysql-virtual_uids.cf
$this->process_postfix_config('mysql-virtual_uids.cf');
+ //* mysql-virtual_alias_domains.cf
+ $this->process_postfix_config('mysql-verify_recipients.cf');
+
//* postfix-dkim
$filename='tag_as_originating.re';
$full_file_name=$config_dir.'/'.$filename;
diff --git a/install/dist/lib/opensuse.lib.php b/install/dist/lib/opensuse.lib.php
index 60fb0511fd8998118a2140d2c2aca8e49128c284..15ab5b6e91c7dded34c8a5285d5a87424a4b474e 100644
--- a/install/dist/lib/opensuse.lib.php
+++ b/install/dist/lib/opensuse.lib.php
@@ -63,6 +63,9 @@ class installer_dist extends installer_base {
//* mysql-virtual_forwardings.cf
$this->process_postfix_config('mysql-virtual_forwardings.cf');
+ //* mysql-virtual_alias_domains.cf
+ $this->process_postfix_config('mysql-virtual_alias_domains.cf');
+
//* mysql-virtual_mailboxes.cf
$this->process_postfix_config('mysql-virtual_mailboxes.cf');
@@ -99,6 +102,9 @@ class installer_dist extends installer_base {
//* mysql-virtual_uids.cf
$this->process_postfix_config('mysql-virtual_uids.cf');
+ //* mysql-virtual_alias_domains.cf
+ $this->process_postfix_config('mysql-verify_recipients.cf');
+
//* postfix-dkim
$filename='tag_as_originating.re';
$full_file_name=$config_dir.'/'.$filename;
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index 81b1257db006458c4ce968415890dfb147c96b53..265dd8c58330de8e96ad4c3449820f42c4ac62b5 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -876,8 +876,8 @@ class installer_base {
$postfix_service = @($out[0]=='')?false:true;
} else { //* fallback - Postfix < 2.9
$content = rf($conf['postfix']['config_dir'].'/master.cf');
- $regex = "/^((?!#)".$service.".*".$type.".*)$/m";
- $postfix_service = @(preg_match($regex, $content))?true:false;
+ $quoted_regex = "^((?!#)".preg_quote($service, '/').".*".preg_quote($type, '/').".*)$";
+ $postfix_service = @(preg_match("/$quoted_regex/m", $content))?true:false;
}
return $postfix_service;
@@ -915,10 +915,11 @@ class installer_base {
while ( !feof( $cf ) ) {
$line = fgets( $cf );
+ $quoted_regex = '^'.preg_quote($service, '/').'\s+'.preg_quote($type, '/');
if ( $reading_service ) {
# regex matches a new service or "empty" (whitespace) line
if ( preg_match( '/^([^\s#]+.*|\s*)$/', $line ) &&
- ! preg_match( '/^'.$service.'\s+'.$type.'/', $line ) ) {
+ ! preg_match( "/$quoted_regex/", $line ) ) {
$out .= $line;
$reading_service = false;
}
@@ -926,7 +927,7 @@ class installer_base {
# $skipped_lines .= $line;
# regex matches definition matching service to be removed
- } else if ( preg_match( '/^'.$service.'\s+'.$type.'/', $line ) ) {
+ } else if ( preg_match( "/$quoted_regex/", $line ) ) {
$reading_service = true;
# $skipped_lines .= $line;
@@ -960,6 +961,9 @@ class installer_base {
//* mysql-virtual_forwardings.cf
$this->process_postfix_config('mysql-virtual_forwardings.cf');
+ //* mysql-virtual_alias_domains.cf
+ $this->process_postfix_config('mysql-virtual_alias_domains.cf');
+
//* mysql-virtual_mailboxes.cf
$this->process_postfix_config('mysql-virtual_mailboxes.cf');
@@ -999,6 +1003,9 @@ class installer_base {
//* mysql-virtual_uids.cf
$this->process_postfix_config('mysql-virtual_uids.cf');
+ //* mysql-virtual_alias_domains.cf
+ $this->process_postfix_config('mysql-verify_recipients.cf');
+
// test if lmtp if available
$configure_lmtp = $this->get_postfix_service('lmtp','unix');
@@ -1151,13 +1158,13 @@ class installer_base {
if(is_file('/var/run/courier/authdaemon/')) caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
//* Check maildrop service in posfix master.cf
- $regex = "/^maildrop unix.*pipe flags=DRhu user=vmail argv=\\/usr\\/bin\\/maildrop -d ".$cf['vmail_username']." \\$\{extension} \\$\{recipient} \\$\{user} \\$\{nexthop} \\$\{sender}/";
+ $quoted_regex = '^maildrop unix.*pipe flags=DRhu user=vmail '.preg_quote('argv=/usr/bin/maildrop -d '.$cf['vmail_username'].' ${extension} ${recipient} ${user} ${nexthop} ${sender}', '/');
$configfile = $config_dir.'/master.cf';
if($this->get_postfix_service('maildrop', 'unix')) {
exec ("postconf -M maildrop.unix 2> /dev/null", $out, $ret);
- $change_maildrop_flags = @(preg_match($regex, $out[0]) && $out[0] !='')?false:true;
+ $change_maildrop_flags = @(preg_match("/$quoted_regex/", $out[0]) && $out[0] !='')?false:true;
} else {
- $change_maildrop_flags = @(preg_match($regex, $configfile))?false:true;
+ $change_maildrop_flags = @(preg_match("/$quoted_regex/", $configfile))?false:true;
}
if ($change_maildrop_flags) {
//* Change maildrop service in posfix master.cf
@@ -1337,6 +1344,9 @@ class installer_base {
}
$config_dir = $conf['postfix']['config_dir'];
+ $quoted_config_dir = preg_quote($config_dir, '/');
+ $postfix_version = `postconf -d mail_version 2>/dev/null`;
+ $postfix_version = preg_replace( '/mail_version\s*=\s*(.*)\s*/', '$1', $postfix_version );
//* Configure master.cf and add a line for deliver
if(!$this->get_postfix_service('dovecot', 'unix')) {
@@ -1348,7 +1358,7 @@ class installer_base {
chmod($config_dir.'/master.cf~2', 0400);
}
//* Configure master.cf and add a line for deliver
- $content = rf($conf["postfix"]["config_dir"].'/master.cf');
+ $content = rf($config_dir.'/master.cf');
$deliver_content = 'dovecot unix - n n - - pipe'."\n".' flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}'."\n";
af($config_dir.'/master.cf', $deliver_content);
unset($content);
@@ -1365,7 +1375,32 @@ class installer_base {
);
// Make a backup copy of the main.cf file
- copy($conf['postfix']['config_dir'].'/main.cf', $conf['postfix']['config_dir'].'/main.cf~3');
+ copy($config_dir.'/main.cf', $config_dir.'/main.cf~3');
+
+ $options = preg_split("/,\s*/", exec("postconf -h smtpd_recipient_restrictions"));
+ $new_options = array();
+ foreach ($options as $value) {
+ $value = trim($value);
+ if ($value == '') continue;
+ if (preg_match("|check_recipient_access\s+proxy:mysql:${quoted_config_dir}/mysql-verify_recipients.cf|", $value)) {
+ continue;
+ }
+ $new_options[] = $value;
+ }
+ if ($configure_lmtp) {
+ for ($i = 0; isset($new_options[$i]); $i++) {
+ if ($new_options[$i] == 'reject_unlisted_recipient') {
+ array_splice($new_options, $i+1, 0, array("check_recipient_access proxy:mysql:${config_dir}/mysql-verify_recipients.cf"));
+ break;
+ }
+ }
+ # postfix < 3.3 needs this when using reject_unverified_recipient:
+ if(version_compare($postfix_version, 3.3, '<')) {
+ $postconf_commands[] = "enable_original_recipient = yes";
+ }
+ }
+ #exec("postconf -e 'smtpd_recipient_restrictions = ".implode(", ", $new_options)."'");
+ $postconf_commands[] = "smtpd_recipient_restrictions = ".implode(", ", $new_options);
// Executing the postconf commands
foreach($postconf_commands as $cmd) {
@@ -1605,12 +1640,16 @@ class installer_base {
exec("postconf -e 'smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, permit_mynetworks, permit_sasl_authenticated'");
- $new_options = array();
+
$options = preg_split("/,\s*/", exec("postconf -h smtpd_recipient_restrictions"));
+ $new_options = array();
foreach ($options as $value) {
- if (!preg_match('/check_policy_service\s+inet:127.0.0.1:10023/', $value)) {
- $new_options[] = $value;
+ $value = trim($value);
+ if ($value == '') continue;
+ if (preg_match('/check_policy_service\s+inet:127.0.0.1:10023/', $value)) {
+ continue;
}
+ $new_options[] = $value;
}
exec("postconf -e 'smtpd_recipient_restrictions = ".implode(", ", $new_options)."'");
diff --git a/install/tpl/debian_postfix.conf.master b/install/tpl/debian_postfix.conf.master
index 1c739a5c7ebd9fcf01d81c6f74c962f2129aab34..169826747d01281c3de5838cc869004fc32e68aa 100644
--- a/install/tpl/debian_postfix.conf.master
+++ b/install/tpl/debian_postfix.conf.master
@@ -1,7 +1,7 @@
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
-virtual_alias_domains =
-virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf
+virtual_alias_domains = proxy:mysql:{config_dir}/mysql-virtual_alias_domains.cf
+virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_alias_domains.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:{config_dir}/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:{config_dir}/mysql-virtual_mailboxes.cf
virtual_mailbox_base = {vmail_mailbox_base}
@@ -15,7 +15,7 @@ broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_restriction_classes = greylisting
greylisting = check_policy_service inet:127.0.0.1:10023
-smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status
+smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_cert_file = {config_dir}/smtpd.cert
@@ -24,7 +24,7 @@ transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:{conf
relay_domains = mysql:{config_dir}/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
-proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
+proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $smtpd_recipient_restrictions
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo
smtpd_sender_restrictions = check_sender_access regexp:{config_dir}/tag_as_originating.re {reject_slm}, permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf, check_sender_access regexp:{config_dir}/tag_as_foreign.re
@@ -44,3 +44,5 @@ smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_exclude_ciphers = RC4, aNULL
smtp_tls_exclude_ciphers = RC4, aNULL
+# needed for postfix < 3.3 when using reject_unverified_recipient (lmtp):
+enable_original_recipient = yes
diff --git a/install/tpl/fedora_postfix.conf.master b/install/tpl/fedora_postfix.conf.master
index d504c6ed56db5da9ad23cfe6d4beb05477854bc6..1c78e858beb5475f21ee6b85c00785c423f878bb 100644
--- a/install/tpl/fedora_postfix.conf.master
+++ b/install/tpl/fedora_postfix.conf.master
@@ -1,5 +1,5 @@
-virtual_alias_domains =
-virtual_alias_maps = hash:/etc/mailman/virtual-mailman, proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf
+virtual_alias_domains = proxy:mysql:{config_dir}/mysql-virtual_alias_domains.cf
+virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_alias_domains.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:{config_dir}/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:{config_dir}/mysql-virtual_mailboxes.cf
virtual_mailbox_base = {vmail_mailbox_base}
@@ -11,7 +11,7 @@ broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_restriction_classes = greylisting
greylisting = check_policy_service inet:127.0.0.1:10023
-smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status
+smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_cert_file = {config_dir}/smtpd.cert
@@ -20,7 +20,7 @@ transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:{conf
relay_domains = mysql:{config_dir}/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
-proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
+proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $smtpd_recipient_restrictions
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo
smtpd_sender_restrictions = check_sender_access regexp:{config_dir}/tag_as_originating.re {reject_slm}, permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf, check_sender_access regexp:{config_dir}/tag_as_foreign.re
@@ -40,3 +40,5 @@ smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_exclude_ciphers = RC4, aNULL
smtp_tls_exclude_ciphers = RC4, aNULL
+# needed for postfix < 3.3 when using reject_unverified_recipient (lmtp):
+enable_original_recipient = yes
diff --git a/install/tpl/gentoo_postfix.conf.master b/install/tpl/gentoo_postfix.conf.master
index cad2b97c3cf0d2a17846fcd2fc543fa2b01915f5..84d404d15b0bc63e4b5edb469c04f478b3070018 100644
--- a/install/tpl/gentoo_postfix.conf.master
+++ b/install/tpl/gentoo_postfix.conf.master
@@ -1,5 +1,5 @@
-virtual_alias_domains =
-virtual_alias_maps = proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf
+virtual_alias_domains = proxy:mysql:{config_dir}/mysql-virtual_alias_domains.cf
+virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_alias_domains.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:{config_dir}/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:{config_dir}/mysql-virtual_mailboxes.cf
virtual_mailbox_base = {vmail_mailbox_base}
@@ -10,7 +10,7 @@ broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_restriction_classes = greylisting
greylisting = check_policy_service inet:127.0.0.1:10023
-smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status
+smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_cert_file = {config_dir}/smtpd.cert
@@ -19,7 +19,7 @@ transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:{conf
relay_domains = mysql:{config_dir}/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
-proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
+proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $smtpd_recipient_restrictions
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo
smtpd_sender_restrictions = check_sender_access regexp:{config_dir}/tag_as_originating.re {reject_slm}, permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf, check_sender_access regexp:{config_dir}/tag_as_foreign.re
@@ -39,3 +39,5 @@ smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_exclude_ciphers = RC4, aNULL
smtp_tls_exclude_ciphers = RC4, aNULL
+# needed for postfix < 3.3 when using reject_unverified_recipient (lmtp):
+enable_original_recipient = yes
diff --git a/install/tpl/mysql-verify_recipients.cf.master b/install/tpl/mysql-verify_recipients.cf.master
new file mode 100644
index 0000000000000000000000000000000000000000..2b433491d8e3d9817d20f2d6d9674200410ade96
--- /dev/null
+++ b/install/tpl/mysql-verify_recipients.cf.master
@@ -0,0 +1,5 @@
+user = {mysql_server_ispconfig_user}
+password = {mysql_server_ispconfig_password}
+dbname = {mysql_server_database}
+hosts = {mysql_server_ip}
+query = SELECT 'reject_unverified_recipient' FROM mail_domain WHERE domain = '%s' AND active = 'y' AND server_id = {server_id}
diff --git a/install/tpl/mysql-virtual_alias_domains.cf.master b/install/tpl/mysql-virtual_alias_domains.cf.master
new file mode 100644
index 0000000000000000000000000000000000000000..e55fd8ea8df088457ba43a01c8df62a33e888b6f
--- /dev/null
+++ b/install/tpl/mysql-virtual_alias_domains.cf.master
@@ -0,0 +1,6 @@
+user = {mysql_server_ispconfig_user}
+password = {mysql_server_ispconfig_password}
+dbname = {mysql_server_database}
+hosts = {mysql_server_ip}
+query = SELECT destination FROM mail_forwarding
+ WHERE source = '@%d' AND type = 'aliasdomain' AND active = 'y' AND server_id = {server_id}
diff --git a/install/tpl/mysql-virtual_domains.cf.master b/install/tpl/mysql-virtual_domains.cf.master
index 0d1793a95a9c432754db7fd3d587caef522c54af..11ccb046ef0a37a9bd2a3f33437a5efbe4e7b428 100644
--- a/install/tpl/mysql-virtual_domains.cf.master
+++ b/install/tpl/mysql-virtual_domains.cf.master
@@ -2,4 +2,5 @@ user = {mysql_server_ispconfig_user}
password = {mysql_server_ispconfig_password}
dbname = {mysql_server_database}
hosts = {mysql_server_ip}
-query = select domain from mail_domain where domain = '%s' and active = 'y' and server_id = {server_id}
+query = SELECT domain FROM mail_domain WHERE domain = '%s' AND active = 'y' AND server_id = {server_id}
+ AND NOT EXISTS (SELECT source FROM mail_forwarding WHERE source = '@%s' AND type = 'aliasdomain' AND active = 'y' AND server_id = {server_id})
diff --git a/install/tpl/mysql-virtual_forwardings.cf.master b/install/tpl/mysql-virtual_forwardings.cf.master
index 04a94ee634b607169d360dfc1932f327dbf38600..9ab6f3e860fa06ac2f987343f17f2c43115f36bd 100644
--- a/install/tpl/mysql-virtual_forwardings.cf.master
+++ b/install/tpl/mysql-virtual_forwardings.cf.master
@@ -2,22 +2,10 @@ user = {mysql_server_ispconfig_user}
password = {mysql_server_ispconfig_password}
dbname = {mysql_server_database}
hosts = {mysql_server_ip}
-query = SELECT u.email as target FROM mail_forwarding as s
- INNER JOIN mail_user as u ON (u.email = CONCAT('%u@', SUBSTRING_INDEX(s.destination,'@',-1)))
- WHERE s.source = '@%d' AND s.type = 'aliasdomain' AND s.active = 'y' AND u.disabledeliver = 'n' AND s.server_id = {server_id}
+query = SELECT s.destination AS target FROM mail_forwarding AS s
+ WHERE s.source = '%s' AND s.type IN ('alias', 'forward') AND s.active = 'y' AND s.server_id = {server_id}
UNION
- SELECT s.destination as target FROM mail_forwarding as s
- WHERE s.source = '%s' AND s.type IN ('alias', 'forward') and s.active = 'y' AND s.server_id = {server_id}
- UNION
- SELECT s.destination as target FROM mail_forwarding as s
- INNER JOIN mail_forwarding as f ON (f.source = CONCAT('%u@', SUBSTRING_INDEX(s.destination,'@',-1)))
- WHERE s.source = '@%d' AND s.type = 'aliasdomain' AND s.active = 'y' AND f.active = 'y' AND s.server_id = {server_id}
- UNION
- SELECT s.destination as target FROM mail_forwarding as s
- LEFT JOIN mail_user as uu ON (uu.email = '%s' AND uu.disabledeliver = 'n')
- LEFT JOIN mail_forwarding as uf ON (uf.source = '%s' AND uf.type IN ('alias', 'forward') AND uf.active = 'y')
- WHERE s.source = '@%d' AND s.type IN ('catchall') and s.active = 'y' AND uu.mailuser_id IS NULL AND uf.forwarding_id IS NULL AND s.server_id = {server_id}
- UNION
- SELECT s.destination as target FROM mail_forwarding as s
- INNER JOIN mail_forwarding as t ON (t.source = s.destination AND t.type = 'catchall')
- WHERE s.source = '@%d' AND s.type = 'aliasdomain' and s.active = 'y' AND t.active = 'y' AND s.server_id = {server_id}
+ SELECT s.destination AS target FROM mail_forwarding AS s
+ WHERE s.source = '@%d' AND s.type = 'catchall' AND s.active = 'y' AND s.server_id = {server_id}
+ AND NOT EXISTS (SELECT email FROM mail_user WHERE email = '%s' AND server_id = {server_id})
+ AND NOT EXISTS (SELECT source FROM mail_forwarding WHERE source = '%s' AND active = 'y' AND server_id = {server_id})
diff --git a/install/tpl/opensuse_postfix.conf.master b/install/tpl/opensuse_postfix.conf.master
index c59d46fa970783c3b5f0b3275c7780028773692d..f2d2a4403b4cc89f79626789b779ae7c3e6d1ab9 100644
--- a/install/tpl/opensuse_postfix.conf.master
+++ b/install/tpl/opensuse_postfix.conf.master
@@ -1,7 +1,7 @@
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
-virtual_alias_domains =
-virtual_alias_maps = hash:/etc/mailman/virtual-mailman, proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf
+virtual_alias_domains = proxy:mysql:{config_dir}/mysql-virtual_alias_domains.cf
+virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_alias_domains.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:{config_dir}/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:{config_dir}/mysql-virtual_mailboxes.cf
virtual_mailbox_base = {vmail_mailbox_base}
@@ -13,7 +13,7 @@ broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_restriction_classes = greylisting
greylisting = check_policy_service inet:127.0.0.1:10023
-smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status
+smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_cert_file = {config_dir}/smtpd.cert
@@ -22,7 +22,7 @@ transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:{conf
relay_domains = mysql:{config_dir}/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
-proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
+proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $smtpd_recipient_restrictions
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo
smtpd_sender_restrictions = check_sender_access regexp:{config_dir}/tag_as_originating.re {reject_slm}, permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf, check_sender_access regexp:{config_dir}/tag_as_foreign.re
@@ -42,3 +42,5 @@ smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_exclude_ciphers = RC4, aNULL
smtp_tls_exclude_ciphers = RC4, aNULL
+# needed for postfix < 3.3 when using reject_unverified_recipient (lmtp):
+enable_original_recipient = yes
diff --git a/server/plugins-available/postfix_server_plugin.inc.php b/server/plugins-available/postfix_server_plugin.inc.php
index 80db1c102a08a8e3a0b21edb82d4621220336a1d..5a0b222a2491bb62125adbaa096d887ed28aee85 100644
--- a/server/plugins-available/postfix_server_plugin.inc.php
+++ b/server/plugins-available/postfix_server_plugin.inc.php
@@ -33,9 +33,6 @@ class postfix_server_plugin {
var $plugin_name = 'postfix_server_plugin';
var $class_name = 'postfix_server_plugin';
-
- var $postfix_config_dir = '/etc/postfix';
-
//* This function is called during ispconfig installation to determine
// if a symlink shall be created for this plugin.
function onInstall() {
@@ -79,11 +76,16 @@ class postfix_server_plugin {
$old_ini_data = $app->ini_parser->parse_ini_string($data['old']['config']);
$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
+ // Get postfix version
+ exec('postconf -d mail_version 2>&1', $out);
+ $postfix_version = preg_replace('/.*=\s*/', '', $out[0]);
+ unset($out);
+
copy('/etc/postfix/main.cf', '/etc/postfix/main.cf~');
-
+
if ($mail_config['relayhost'].$mail_config['relayhost_user'].$mail_config['relayhost_password'] != $old_ini_data['mail']['relayhost'].$old_ini_data['mail']['relayhost_user'].$old_ini_data['mail']['relayhost_password']) {
$content = file_exists('/etc/postfix/sasl_passwd') ? file_get_contents('/etc/postfix/sasl_passwd') : '';
- $content = preg_replace('/^'.preg_quote($old_ini_data['email']['relayhost']).'\s+[^\n]*(:?\n|)/m','',$content);
+ $content = preg_replace('/^'.preg_quote($old_ini_data['email']['relayhost'], '/').'\s+[^\n]*(:?\n|)/m','',$content);
if (!empty($mail_config['relayhost_user']) || !empty($mail_config['relayhost_password'])) {
$content .= "\n".$mail_config['relayhost'].' '.$mail_config['relayhost_user'].':'.$mail_config['relayhost_password'];
@@ -115,14 +117,16 @@ class postfix_server_plugin {
$options = preg_split("/,\s*/", exec("postconf -h smtpd_recipient_restrictions"));
$new_options = array();
foreach ($options as $key => $value) {
+ $value = trim($value);
+ if ($value == '') continue;
if (!preg_match('/reject_rbl_client/', $value)) {
$new_options[] = $value;
} else {
if(is_array($rbl_hosts) && !empty($rbl_hosts) && !$rbl_updated){
$rbl_updated = true;
- foreach ($rbl_hosts as $key => $value) {
- $value = trim($value);
- if($value != '') $new_options[] = "reject_rbl_client ".$value;
+ foreach ($rbl_hosts as $key2 => $value2) {
+ $value2 = trim($value2);
+ if($value2 != '') $new_options[] = "reject_rbl_client ".$value2;
}
}
}
@@ -139,7 +143,7 @@ class postfix_server_plugin {
}
if($mail_config['reject_sender_login_mismatch'] != $old_ini_data['mail']['reject_sender_login_mismatch']) {
- $options = explode(", ", exec("postconf -h smtpd_sender_restrictions"));
+ $options = preg_split("/,\s*/", exec("postconf -h smtpd_sender_restrictions"));
$new_options = array();
foreach ($options as $key => $value) {
if (!preg_match('/reject_authenticated_sender_login_mismatch/', $value)) {
@@ -190,6 +194,31 @@ class postfix_server_plugin {
}
}
+ $quoted_postfix_config_dir = preg_quote($conf['postfix']['config_dir'], '|');
+ $new_options = array();
+ $options = preg_split("/,\s*/", exec("postconf -h smtpd_recipient_restrictions"));
+ foreach ($options as $key => $value) {
+ $value = trim($value);
+ if ($value == '') continue;
+ if (preg_match("|check_recipient_access\s+proxy:mysql:${quoted_postfix_config_dir}/mysql-verify_recipients.cf|", $value)) {
+ continue;
+ }
+ $new_options[] = $value;
+ }
+ if (defined($configure_lmtp) && $configure_lmtp) {
+ for ($i = 0; isset($new_options[$i]); $i++) {
+ if ($new_options[$i] == 'reject_unlisted_recipient') {
+ array_splice($new_options, $i+1, 0, array("check_recipient_access proxy:mysql:${postfix_config_dir}/mysql-verify_recipients.cf"));
+ break;
+ }
+ }
+ # postfix < 3.3 needs this when using reject_unverified_recipient:
+ if(version_compare($postfix_version, 3.3, '<')) {
+ exec("postconf -e 'enable_original_recipient = yes'");
+ }
+ }
+ exec("postconf -e 'smtpd_recipient_restrictions = ".implode(", ", $new_options)."'");
+
if($mail_config['content_filter'] != $old_ini_data['mail']['content_filter']) {
if($mail_config['content_filter'] == 'rspamd'){
exec("postconf -X 'receive_override_options'");
@@ -206,9 +235,12 @@ class postfix_server_plugin {
$new_options = array();
$options = preg_split("/,\s*/", exec("postconf -h smtpd_recipient_restrictions"));
foreach ($options as $key => $value) {
- if (!preg_match('/check_policy_service\s+inet:127.0.0.1:10023/', $value)) {
- $new_options[] = $value;
+ $value = trim($value);
+ if ($value == '') continue;
+ if (preg_match('/check_policy_service\s+inet:127.0.0.1:10023/', $value)) {
+ continue;
}
+ $new_options[] = $value;
}
exec("postconf -e 'smtpd_recipient_restrictions = ".implode(", ", $new_options)."'");
@@ -235,7 +267,7 @@ class postfix_server_plugin {
exec("postconf -e 'receive_override_options = no_address_mappings'");
exec("postconf -e 'content_filter = " . ($configure_lmtp ? "lmtp" : "amavis" ) . ":[127.0.0.1]:10024'");
- exec("postconf -e 'smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, check_sender_access regexp:/etc/postfix/tag_as_foreign.re'");
+ exec("postconf -e 'smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, check_sender_access regexp:/etc/postfix/tag_as_foreign.re'");
}
}