#!/usr/bin/env bash
# Print the startup banner.
# Reads the colour variables gray, emphasis, lightblue and reset (provided by the
# sourced logging helpers); when they are unset the banner prints uncoloured.
announce_startup() {
	local stars="${gray}${emphasis}★★★★★${reset}"
	echo -e "${stars} ${lightblue}POSTFIX STARTING UP${reset} ${stars}"
}
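# Apply the TZ environment variable to the container clock.
# Reads:  TZ -- an Olson zone name such as "Europe/Ljubljana", resolved under
#         /usr/share/zoneinfo
# Writes: /etc/localtime (symlink to the zone file) and /etc/timezone
# TZ is used as a path component, so an absolute value or one containing a ".."
# component is refused: otherwise a crafted TZ (e.g. "../../etc/passwd") would
# pass the -f check and point /etc/localtime at an arbitrary file.
setup_timezone() {
	local tz_file
	if [[ -z "$TZ" ]]; then
		info "Not setting any timezone for the container"
		return 0
	fi
	case "$TZ" in
		/*|*/../*|../*|*/..|..)
			warn "Cannot set timezone to: ${emphasis}$TZ${reset} -- invalid timezone name."
			return 0
			;;
	esac
	tz_file="/usr/share/zoneinfo/$TZ"
	if [[ -f "$tz_file" ]]; then
		notice "Setting container timezone to: ${emphasis}$TZ${reset}"
		ln -snf "$tz_file" /etc/localtime
		echo "$TZ" > /etc/timezone
	else
		warn "Cannot set timezone to: ${emphasis}$TZ${reset} -- this timezone does not exist."
	fi
}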
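# Select the rsyslog output template by replacing the <log-format> placeholder
# in /etc/rsyslog.conf.
# Reads:  LOG_FORMAT (default "plain")
# Writes: /etc/rsyslog.conf (in place)
# The value is spliced into a sed expression, so it is restricted to
# [A-Za-z0-9_-]; anything else would be interpreted as sed syntax (a "/" ends
# the substitution) and is replaced by "plain" with a warning.
rsyslog_log_format() {
	local log_format="${LOG_FORMAT:-plain}"
	if [[ ! "$log_format" =~ ^[A-Za-z0-9_-]+$ ]]; then
		warn "Ignoring invalid LOG_FORMAT value ${emphasis}${log_format}${reset}; using ${emphasis}plain${reset}."
		log_format="plain"
	fi
	info "Using ${emphasis}${log_format}${reset} log format for rsyslog."
	sed -i -E "s/<log-format>/${log_format}/" /etc/rsyslog.conf
}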
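# Enable the rsyslog e-mail anonymiser when ANONYMIZE_EMAILS is set.
# Reads:  ANONYMIZE_EMAILS -- "true"/"1"/"yes"/"y" selects the "default"
#         filter; any other non-empty value other than "0" is used as the
#         filter name; empty or "0" leaves the logs untouched.
# Writes: /etc/rsyslog.conf -- substitutes <anon-email-format> and uncomments
#         the lines between the "# <email-anonymizer>" markers.
# The filter name is spliced into a sed expression, so it is restricted to
# [A-Za-z0-9_-]; an invalid name falls back to "default" (the operator asked
# for anonymisation, so silently disabling it would be the worse failure).
anon_email_log() {
	local anon_email="${ANONYMIZE_EMAILS}"
	case "${anon_email}" in
		true|1|yes|y) anon_email="default" ;;
	esac
	if [[ -z "${anon_email}" || "${anon_email}" == "0" ]]; then
		notice "Emails in the logs will not be anonymized. Set ${emphasis}ANONYMIZE_EMAILS${reset} to enable this feature."
		return 0
	fi
	if [[ ! "${anon_email}" =~ ^[A-Za-z0-9_-]+$ ]]; then
		warn "Invalid ANONYMIZE_EMAILS filter name ${emphasis}${anon_email}${reset}; using ${emphasis}default${reset}."
		anon_email="default"
	fi
	notice "Using ${emphasis}${anon_email}${reset} filter for email anonymization."
	sed -i -E "s/<anon-email-format>/${anon_email}/" /etc/rsyslog.conf
	# Strip the leading "#" from every line inside the marker block (markers excluded).
	sed -i -E '
/^\s*#\s*<email-anonymizer>\s*$/,/^\s*#\s*<\/email-anonymizer>\s*$/{
	/^\s*#\s*<email-anonymizer>\s*$/n
	/^\s*#\s*<\/email-anonymizer>\s*$/!{
		s/(\s*)#(.*)$/\1\2/g
	}
}
' /etc/rsyslog.conf
}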
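# Seed /etc/postfix from /etc/postfix.template: every entry of the template
# directory that does not yet exist under /etc/postfix is copied over
# (recursively); existing files are never overwritten, so a persisted
# /etc/postfix volume keeps its customisations.
setup_conf() {
	local srcfile dstfile base
	# Make sure the /etc/postfix directory exists
	mkdir -p /etc/postfix
	[[ -d /etc/postfix.template/ ]] || return 0
	for srcfile in /etc/postfix.template/*; do
		# An empty template directory leaves the glob unexpanded; skip it.
		[[ -e "$srcfile" ]] || continue
		base="$(basename -- "$srcfile")"
		dstfile="/etc/postfix/$base"
		if [[ ! -e "$dstfile" ]]; then
			debug "Creating ${emphasis}$dstfile${reset}."
			cp -r -- "$srcfile" "$dstfile"
		fi
	done
}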
# Normalise ownership of the Postfix spool directories before startup.
# Reads:  SKIP_ROOT_SPOOL_CHOWN -- "1" skips the root: chown of the spool root
#         and pid directory (for spools that are externally owned).
# Writes: ownership of /var/spool/postfix/{pid,private,public}; creates the
#         pid/dev/private/public directories; sets manpage_directory in main.cf.
# Every chown failure is reported with warn and startup continues.
reown_folders() {
	local spool=/var/spool/postfix
	mkdir -p "$spool/pid" "$spool/dev" "$spool/private" "$spool/public"
	if [[ "${SKIP_ROOT_SPOOL_CHOWN}" == "1" ]]; then
		warn "${emphasis}SKIP_ROOT_SPOOL_CHOWN${reset} is set. Script will not chown ${emphasis}/var/spool/postfix/${reset}. Make sure you know what you're doing."
	else
		debug "Reowing ${emphasis}root: /var/spool/postfix/${reset}"
		chown root: "$spool/" \
			|| warn "Cannot reown ${emphasis}root:${reset} for ${emphasis}/var/spool/postfix/${reset}. Your installation might be broken."
		debug "Reowing ${emphasis}root: /var/spool/postfix/pid/${reset}"
		chown root: "$spool/pid" \
			|| warn "Cannot reown ${emphasis}root:${reset} for ${emphasis}/var/spool/postfix/pid/${reset}. Your installation might be broken."
	fi
	debug "Reowing ${emphasis}postfix:postdrop /var/spool/postfix/private/${reset}"
	chown -R postfix:postdrop "$spool/private" \
		|| warn "Cannot reown ${emphasis}postfix:postdrop${reset} for ${emphasis}/var/spool/postfix/private${reset}. Your installation might be broken."
	debug "Reowing ${emphasis}postfix:postdrop /var/spool/postfix/public/${reset}"
	chown -R postfix:postdrop "$spool/public" \
		|| warn "Cannot reown ${emphasis}postfix:postdrop${reset} for ${emphasis}/var/spool/postfix/public${reset}. Your installation might be broken."
	do_postconf -e "manpage_directory=/usr/share/man"
	# postfix set-permissions complains if documentation files do not exist
	postfix -c /etc/postfix/ set-permissions > /dev/null 2>&1 || true
}
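# Populate the Postfix chroot with the NSS/resolver files it needs.
# Reads:  POSTFIXD_DIR (default /var/spool/postfix), POSTFIXD_ETC (default
#         $POSTFIXD_DIR/etc), POSTFIXD_ZIF (default $POSTFIXD_DIR/usr/lib/zoneinfo)
# Writes: /etc/nsswitch.conf when missing; copies of /etc/{localtime,nsswitch.conf,
#         resolv.conf,services,host.conf,hosts,passwd} into $POSTFIXD_ETC and a
#         localtime symlink into $POSTFIXD_ZIF.
# Fixes vs. the previous version: the zoneinfo default was assigned only when
# the misspelled POSTFIX_ZIF was empty, and the directories were only created
# when they already existed (the -d test was inverted), so the copies silently
# failed on a fresh spool.
postfix_enable_chroot() {
	# Fix Kubernetes not mounting NSS configuration (https://github.com/kubernetes/kubernetes/issues/71082)
	if [[ ! -e /etc/nsswitch.conf ]]; then
		notice "Creating file ${emphasis}/etc/nsswitch.conf${reset}. See https://github.com/kubernetes/kubernetes/issues/71082"
		if ! echo 'hosts: files dns' > /etc/nsswitch.conf; then
			warn "Could not write ${emphasis}/etc/nsswitch.conf${reset}. Postfix will still start, but check https://github.com/kubernetes/kubernetes/issues/71082 for more info."
		fi
	fi
	# Adapted from example Linux chroot in Postfix sources examples/chroot-setup/LINUX2
	info "Preparing files for Postfix chroot:"
	: "${POSTFIXD_DIR:=/var/spool/postfix}"
	: "${POSTFIXD_ETC:=${POSTFIXD_DIR}/etc}"
	: "${POSTFIXD_ZIF:=${POSTFIXD_DIR}/usr/lib/zoneinfo}"
	(
		umask 022
		mkdir -pv -- "$POSTFIXD_ETC" || true
		mkdir -pv -- "$POSTFIXD_ZIF" || true
		if [[ -e /etc/localtime ]]; then
			ln -fsv /etc/localtime "$POSTFIXD_ZIF" || true
			cp -fpv /etc/localtime "$POSTFIXD_ETC" || true
		fi
		local f
		for f in nsswitch.conf resolv.conf services host.conf hosts passwd; do
			# Each copy is best-effort: a missing source file is not an error.
			[[ -e "/etc/$f" ]] && cp -fpv "/etc/$f" "$POSTFIXD_ETC" || true
		done
	) | sed 's/^/  /g'
}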
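# Migrate a persisted main.cf from the legacy "hash:"/"btree:" table types to
# "lmdb:" and rebuild the affected tables.
# Reads:  /etc/postfix/main.cf
# Writes: /etc/postfix/main.cf (in place); regenerates *.lmdb files with
#         postalias (for lines mentioning "alias") or postmap.
# Only non-comment lines trigger the migration, but the sed rewrite touches
# comments too, so the phrase "hash:" in a comment is rewritten as well.
# Every lmdb: reference on a line is processed (the previous version only
# handled the first one per line), and a table name containing ":" is kept
# intact instead of being truncated.
postfix_upgrade_conf() {
	local maincf=/etc/postfix/main.cf
	local line entry filename
	if ! grep -v '^#' "$maincf" | grep -Eq '(hash|btree):'; then
		debug "No upgrade needed."
		return 0
	fi
	warn "Detected old hash: and btree: references in the config file, which are not supported anymore. Upgrading to lmdb:"
	sed -i -E 's/(hash|btree):/lmdb:/g' "$maincf"
	# Recreate aliases / maps for every table referenced after the rewrite.
	while IFS= read -r line; do
		while IFS= read -r entry; do
			filename="${entry#lmdb:}"
			[[ -f "$filename" ]] || continue
			if [[ "$line" =~ alias ]]; then
				debug "Creating new postalias for ${emphasis}$entry${reset}."
				postalias "$entry"
			else
				debug "Creating new postmap for ${emphasis}$entry${reset}."
				postmap "$entry"
			fi
		done < <(grep -oE 'lmdb:[^,[:space:]]+' <<< "$line")
	done < <(grep -E 'lmdb:[^,]+' "$maincf" | sort -u)
}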
# On Alpine images turn off SMTPUTF8 support (smtputf8_enable=no); other
# distributions are left at the Postfix default.
postfix_disable_utf8() {
	if [[ ! -f /etc/alpine-release ]]; then
		return 0
	fi
	do_postconf -e smtputf8_enable=no
}
# Make sure /etc/postfix/aliases exists (possibly empty) and compile it with
# postalias so the aliases database is present at startup.
postfix_create_aliases() {
	local aliases=/etc/postfix/aliases
	touch "$aliases"
	postalias "$aliases"
}
# Clear mydestination so Postfix never considers itself the final destination
# for any domain -- everything is relayed or delivered remotely.
postfix_disable_local_mail_delivery() {
	do_postconf -e 'mydestination='
}
# Clear relay_domains so no destination domain is relayed on the strength of
# the domain alone; relaying is governed by the client/sender restrictions.
postfix_disable_domain_relays() {
	do_postconf -e 'relay_domains='
}
# Raise header_size_limit to 4096000 bytes (about 4 MB) so messages with very
# large headers are not rejected.
postfix_increase_header_size_limit() {
	local limit=4096000
	do_postconf -e "header_size_limit=${limit}"
}
# Resolve the message size limit into POSTFIX_message_size_limit.
# Reads:  MESSAGE_SIZE_LIMIT (deprecated alias), POSTFIX_message_size_limit
# Writes: POSTFIX_message_size_limit -- "0" (unlimited) when neither is set.
# The value is not applied here; it is picked up with the other POSTFIX_*
# variables by postfix_custom_commands.
postfix_restrict_message_size() {
	if [[ -n "${MESSAGE_SIZE_LIMIT}" ]]; then
		deprecated "${emphasis}MESSAGE_SIZE_LIMIT${reset} variable is deprecated. Please use ${emphasis}POSTFIX_message_size_limit${reset} instead."
		POSTFIX_message_size_limit="${MESSAGE_SIZE_LIMIT}"
	fi
	if [[ -z "${POSTFIX_message_size_limit}" ]]; then
		info "Using ${emphasis}unlimited${reset} message size."
		POSTFIX_message_size_limit=0
		return 0
	fi
	notice "Restricting message_size_limit to: ${emphasis}${POSTFIX_message_size_limit} bytes${reset}"
}
# Configure the SMTP server-side restriction chain.
# Writes (via do_postconf): smtpd_delay_reject, smtpd_helo_required,
#   smtpd_client_restrictions, smtpd_helo_restrictions, smtpd_sender_restrictions.
# The client and sender stages are "permit_mynetworks,reject": only clients in
# mynetworks get past them. NOTE(review): permit_sasl_authenticated is not in
# this chain, so a SASL client outside mynetworks is refused here regardless
# of the recipient restrictions -- override POSTFIX_smtpd_client_restrictions
# if authenticated submission from outside mynetworks is wanted (confirm
# against the order in which the setup functions are called).
postfix_reject_invalid_helos() {
	local mynet=permit_mynetworks
	do_postconf -e smtpd_delay_reject=yes
	do_postconf -e smtpd_helo_required=yes
	# Fast reject -- reject straight away when the client is connecting
	do_postconf -e "smtpd_client_restrictions=${mynet},reject"
	# Reject / accept on EHLO / HELO command
	do_postconf -e "smtpd_helo_restrictions=${mynet},reject_invalid_helo_hostname,permit"
	# Delayed reject -- reject on MAIL FROM command. Not strictly neccessary to have both, but doesn't hurt
	do_postconf -e "smtpd_sender_restrictions=${mynet},reject"
}
# Decide the Postfix myhostname value.
# Reads:  POSTFIX_myhostname, HOSTNAME
# Writes: removes myhostname from main.cf (do_postconf -#) and, when
#         POSTFIX_myhostname is empty, fills it from HOSTNAME so that
#         postfix_custom_commands applies it with the other POSTFIX_* settings.
postfix_set_hostname() {
	do_postconf -# myhostname
	[[ -n "$POSTFIX_myhostname" ]] && return 0
	POSTFIX_myhostname="${HOSTNAME}"
}
# Resolve the outbound TLS policy into POSTFIX_smtp_tls_security_level.
# Reads:  RELAYHOST_TLS_LEVEL (deprecated alias), POSTFIX_smtp_tls_security_level
# Writes: POSTFIX_smtp_tls_security_level -- defaults to "may" (opportunistic
#         TLS: plaintext is still used when the peer offers no STARTTLS).
# The value is applied later by postfix_custom_commands.
postfix_set_relay_tls_level() {
	if [[ -n "$RELAYHOST_TLS_LEVEL" ]]; then
		deprecated "${emphasis}RELAYHOST_TLS_LEVEL${reset} variable is deprecated. Please use ${emphasis}POSTFIX_smtp_tls_security_level${reset} instead."
		POSTFIX_smtp_tls_security_level="$RELAYHOST_TLS_LEVEL"
	fi
	[[ -n "$POSTFIX_smtp_tls_security_level" ]] && return 0
	info "Setting smtp_tls_security_level: ${emphasis}may${reset}"
	POSTFIX_smtp_tls_security_level="may"
}
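# Configure outbound relaying through RELAYHOST, with optional SASL credentials.
# Reads:  RELAYHOST, RELAYHOST_USERNAME, RELAYHOST_PASSWORD (also loadable from a
#         file via file_env), SASL_RELAYHOST (key to use in sasl_passwd when it
#         differs from RELAYHOST)
# Writes: relayhost / smtp_tls_CAfile / smtp_sasl_* in main.cf;
#         /etc/postfix/sasl_passwd and its .lmdb compiled form (root, 0600).
# Without RELAYHOST the relay and SASL settings are removed from main.cf.
# Changes vs. the previous version:
#  - the stale-entry removal compared the relay name as a sed regex, so a
#    bracketed name such as "[smtp.example.com]:587" was a character class and
#    the old line survived (postmap then kept the first, stale, password);
#    entries are now dropped by exact comparison of the first field.
#  - the credentials file and its .lmdb are created under umask 077, so there
#    is no window in which they are readable by other users before chmod.
postfix_setup_relayhost() {
	local sasl_passwd=/etc/postfix/sasl_passwd
	local sasl_line
	if [[ -z "$RELAYHOST" ]]; then
		notice "Will try to deliver emails directly to the final server. ${emphasis}Make sure your DNS is setup properly!${reset}"
		do_postconf -# relayhost
		do_postconf -# smtp_sasl_auth_enable
		do_postconf -# smtp_sasl_password_maps
		do_postconf -# smtp_sasl_security_options
		return 0
	fi
	noticen "Forwarding all emails to ${emphasis}$RELAYHOST${reset}"
	do_postconf -e "relayhost=$RELAYHOST"
	# Alternately, this could be a folder, like this:
	# smtp_tls_CApath
	do_postconf -e "smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt"
	file_env 'RELAYHOST_PASSWORD'
	# Allow to overwrite RELAYHOST in the sasl_passwd file with SASL_RELAYHOST variable if specified
	if [[ -z "$SASL_RELAYHOST" ]]; then
		SASL_RELAYHOST="$RELAYHOST"
	fi
	if [[ -z "$RELAYHOST_USERNAME" || -z "$RELAYHOST_PASSWORD" ]]; then
		echo -e "without any authentication. ${emphasis}Make sure your server is configured to accept emails coming from this IP.${reset}"
		return 0
	fi
	echo -e "using username ${emphasis}$RELAYHOST_USERNAME${reset} and password ${emphasis}(redacted)${reset}."
	sasl_line="$SASL_RELAYHOST $RELAYHOST_USERNAME:$RELAYHOST_PASSWORD"
	(
		umask 077
		if [[ -f "$sasl_passwd" ]]; then
			if ! grep -qF -- "$sasl_line" "$sasl_passwd"; then
				# Drop any previous entry for this relay (exact match on the
				# first field; relay names may contain regex metacharacters).
				awk -v host="$SASL_RELAYHOST" '$1 != host' "$sasl_passwd" > "$sasl_passwd.tmp"
				mv -f "$sasl_passwd.tmp" "$sasl_passwd"
				echo "$sasl_line" >> "$sasl_passwd"
			fi
		else
			echo "$sasl_line" > "$sasl_passwd"
		fi
		postmap "lmdb:$sasl_passwd"
	)
	chown root:root "$sasl_passwd" "$sasl_passwd.lmdb"
	chmod 0600 "$sasl_passwd" "$sasl_passwd.lmdb"
	do_postconf -e "smtp_sasl_auth_enable=yes"
	do_postconf -e "smtp_sasl_password_maps=lmdb:$sasl_passwd"
	# "noanonymous" alone still permits PLAIN/LOGIN; with the default
	# smtp_tls_security_level=may the credentials go over the wire unencrypted
	# if the relay offers no STARTTLS. Set POSTFIX_smtp_tls_security_level=encrypt
	# for relays that must be reached over TLS.
	do_postconf -e "smtp_sasl_security_options=noanonymous"
	do_postconf -e "smtp_sasl_tls_security_options=noanonymous"
}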
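# Escape a string for use inside a JSON double-quoted literal: backslash and
# double quote are escaped. Control characters are not handled (they are not
# expected in OAuth client ids, secrets or tokens).
_xoauth2_json_escape() {
	local s="$1"
	s=${s//\\/\\\\}
	s=${s//\"/\\\"}
	printf '%s' "$s"
}

# Prepare the sasl-xoauth2 client configuration and the per-user token file.
# Reads:  XOAUTH2_CLIENT_ID, XOAUTH2_SECRET (both also loadable via file_env),
#         XOAUTH2_SYSLOG_ON_FAILURE, XOAUTH2_FULL_TRACE, RELAYHOST,
#         RELAYHOST_USERNAME, XOAUTH2_INITIAL_ACCESS_TOKEN,
#         XOAUTH2_INITIAL_REFRESH_TOKEN
# Writes: /etc/sasl-xoauth2.conf (root:postfix, 0640);
#         /var/spool/postfix/xoauth2-tokens/$RELAYHOST_USERNAME (0600, owned by
#         postfix) when it does not exist yet and initial tokens were given;
#         exports RELAYHOST_PASSWORD_FILENAME="" and RELAYHOST_PASSWORD set to
#         the token file path (sasl-xoauth2 expects a file name where the
#         password would otherwise be).
# Exits 1 when RELAYHOST or RELAYHOST_USERNAME is missing.
# Changes vs. the previous version: values are JSON-escaped instead of being
# pasted verbatim into the heredocs, the secret-bearing files are no longer
# world-readable, and a RELAYHOST_USERNAME containing "/" or ".." is rejected
# since it is used as a file name inside the token directory.
postfix_setup_xoauth2_pre_setup() {
	local token_dir=/var/spool/postfix/xoauth2-tokens
	local token_file
	file_env 'XOAUTH2_CLIENT_ID'
	file_env 'XOAUTH2_SECRET'
	if [[ -z "$XOAUTH2_CLIENT_ID" || -z "$XOAUTH2_SECRET" ]]; then
		return 0
	fi
	if [[ -z "$RELAYHOST" || -z "${RELAYHOST_USERNAME}" ]]; then
		error "You need to specify RELAYHOST and RELAYHOST_USERNAME otherwise Postfix will not run!"
		exit 1
	fi
	case "${RELAYHOST_USERNAME}" in
		*/*|..)
			error "RELAYHOST_USERNAME must not contain '/' or be '..' -- it is used as the token file name."
			exit 1
			;;
	esac
	# The config holds the OAuth client secret. sasl-xoauth2 is loaded inside
	# Postfix's smtp client, which runs as the postfix user, so group read is
	# enough -- NOTE(review): confirm no other user needs to read this file.
	(
		umask 027
		cat <<EOF > /etc/sasl-xoauth2.conf
{
  "client_id" : "$(_xoauth2_json_escape "${XOAUTH2_CLIENT_ID}")",
  "client_secret" : "$(_xoauth2_json_escape "${XOAUTH2_SECRET}")",
  "log_to_syslog_on_failure" : "${XOAUTH2_SYSLOG_ON_FAILURE:-no}",
  "log_full_trace_on_failure" : "${XOAUTH2_FULL_TRACE:-no}"
}
EOF
	)
	chown root:postfix /etc/sasl-xoauth2.conf
	chmod 0640 /etc/sasl-xoauth2.conf
	# Note that this is not an error. sasl-xoauth2 expect the password to be stored
	# in a file, which is referenced by the smtp_sasl_password_maps file.
	export RELAYHOST_PASSWORD_FILENAME=""
	export RELAYHOST_PASSWORD="${token_dir}/${RELAYHOST_USERNAME}"
	token_file="$RELAYHOST_PASSWORD"
	mkdir -p "$token_dir"
	if [[ ! -f "$token_file" && -n "$XOAUTH2_INITIAL_ACCESS_TOKEN" && -n "$XOAUTH2_INITIAL_REFRESH_TOKEN" ]]; then
		# The plugin refreshes tokens in place, so seed the file only once.
		(
			umask 077
			cat <<EOF > "$token_file"
{
  "access_token" : "$(_xoauth2_json_escape "${XOAUTH2_INITIAL_ACCESS_TOKEN}")",
  "refresh_token" : "$(_xoauth2_json_escape "${XOAUTH2_INITIAL_REFRESH_TOKEN}")",
  "expiry" : "0"
}
EOF
		)
	fi
	chown -R postfix:root "$token_dir"
}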
# Finish the SASL client mechanism setup after the relay host is configured.
# Reads:  XOAUTH2_CLIENT_ID, XOAUTH2_SECRET
# Writes (via do_postconf): smtp_sasl_security_options, smtp_sasl_mechanism_filter
#         and, with OAuth2, smtp_tls_session_cache_database.
# With OAuth2 only the xoauth2 mechanism is allowed; without it the mechanism
# filter lists every installed SASL plugin except EXTERNAL and sasl-xoauth2.
postfix_setup_xoauth2_post_setup() {
	local other_plugins
	if [[ -z "$XOAUTH2_CLIENT_ID" || -z "$XOAUTH2_SECRET" ]]; then
		# So, this fix should solve the issue #106, when password in the 'smtp_sasl_password_maps' was
		# read as file instead of the actual password. It turns out that the culprit is the sasl-xoauth2
		# plugin, which expect the filename in place of the password. And as the plugin injects itself
		# automatically in the list of SASL login mechanisms, it tries to read the password as a file and --
		# naturally -- fails.
		#
		# The fix is therefore simple: If we're not using OAuth2, we remove the plugin from the list and
		# keep all the plugins installed.
		other_plugins="$(pluginviewer -c | grep Plugin | cut -d' ' -f2 | cut -c2- | rev | cut -c2- | rev | grep -v EXTERNAL | grep -v sasl-xoauth2 | tr '\n' ',' | rev | cut -c2- | rev)"
		do_postconf -e "smtp_sasl_mechanism_filter=${other_plugins}"
		return
	fi
	# NOTE(review): the empty smtp_sasl_security_options drops "noanonymous";
	# presumably required by the xoauth2 mechanism -- confirm.
	do_postconf -e 'smtp_sasl_security_options='
	do_postconf -e 'smtp_sasl_mechanism_filter=xoauth2'
	do_postconf -e 'smtp_tls_session_cache_database=lmdb:${data_directory}/smtp_scache'
}
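# Enable SASL authentication on the SMTP server side from a static user list.
# Reads:  SMTPD_SASL_USERS -- comma-separated "user:password" pairs; the
#         password is everything after the first ":".
# Writes: smtpd_sasl_auth_enable / broken_sasl_auth_clients in main.cf;
#         /etc/postfix/sasl/smtpd.conf (linked from /etc/sasl2/); the sasldb2
#         database via saslpasswd2, chowned to postfix.
# Changes vs. the previous version: the passwords were first written to the
# predictable, world-readable /tmp/passwd -- they are now piped straight to
# saslpasswd2; smtpd.conf is overwritten instead of appended to (appending
# duplicated the directives on every restart of a persisted /etc/postfix);
# the symlink is created with -f so a restart does not error.
# mech_list allows PLAIN and LOGIN, which send the password in clear unless
# the session is encrypted; set POSTFIX_smtpd_tls_auth_only=yes to require TLS
# before AUTH.
postfix_setup_smtpd_sasl_auth() {
	local sasl_conf=/etc/postfix/sasl/smtpd.conf
	local user pwd
	[[ -n "$SMTPD_SASL_USERS" ]] || return 0
	info "Enable smtpd sasl auth."
	do_postconf -e "smtpd_sasl_auth_enable=yes"
	do_postconf -e "broken_sasl_auth_clients=yes"
	mkdir -p /etc/postfix/sasl /etc/sasl2
	cat > "$sasl_conf" <<EOF
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
EOF
	ln -sf "$sasl_conf" /etc/sasl2/
	# sasldb2
	while IFS=':' read -r user pwd; do
		[[ -n "$user" ]] || continue
		printf '%s\n' "$pwd" | saslpasswd2 -p -c "$user"
	done <<< "${SMTPD_SASL_USERS//,/$'\n'}"
	[[ -f /etc/sasldb2 ]] && chown postfix:postfix /etc/sasldb2
	[[ -f /etc/sasl2/sasldb2 ]] && chown postfix:postfix /etc/sasl2/sasldb2
	return 0
}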
# Resolve the trusted client networks into POSTFIX_mynetworks.
# Reads:  MYNETWORKS (deprecated alias), POSTFIX_mynetworks
# Writes: POSTFIX_mynetworks -- falls back to loopback plus the RFC 1918
#         ranges. Applied later by postfix_custom_commands; these networks
#         bypass the reject rules in the smtpd restriction chain.
postfix_setup_networks() {
	local default_nets="127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
	if [[ -n "$MYNETWORKS" ]]; then
		deprecated "${emphasis}MYNETWORKS${reset} variable is deprecated. Please use ${emphasis}POSTFIX_mynetworks${reset} instead."
		notice "Using custom allowed networks: ${emphasis}$MYNETWORKS${reset}"
		POSTFIX_mynetworks="$MYNETWORKS"
		return 0
	fi
	if [[ -n "$POSTFIX_mynetworks" ]]; then
		notice "Using custom allowed networks: ${emphasis}$POSTFIX_mynetworks${reset}"
		return 0
	fi
	info "Using default private network list for trusted networks."
	POSTFIX_mynetworks="$default_nets"
}
# Toggle verbose logging for trusted peers and OpenDKIM's LogWhy directive.
# Reads:  INBOUND_DEBUGGING (any non-empty value enables), POSTFIX_mynetworks
# Writes: debug_peer_list in main.cf (only when enabling); the LogWhy line in
#         /etc/opendkim/opendkim.conf is rewritten, or appended when absent.
# Peer debugging logs the full SMTP dialogue for those peers, so keep it off
# in production where clients authenticate.
postfix_setup_debugging() {
	local logwhy
	local dkim_conf=/etc/opendkim/opendkim.conf
	if [[ -n "$INBOUND_DEBUGGING" ]]; then
		notice "Enabling additional debbuging for: ${emphasis}$POSTFIX_mynetworks${reset}, as INBOUND_DEBUGGING=''${INBOUND_DEBUGGING}''"
		do_postconf -e "debug_peer_list=$POSTFIX_mynetworks"
		logwhy=yes
	else
		info "Debugging is disabled.${reset}"
		logwhy=no
	fi
	sed -i -E "s/^[ \t]*#?[ \t]*LogWhy[ \t]*.+$/LogWhy ${logwhy}/" "$dkim_conf"
	if ! grep -Eq '^LogWhy' "$dkim_conf"; then
		echo >> "$dkim_conf"
		echo "LogWhy ${logwhy}" >> "$dkim_conf"
	fi
}
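# Build the allowed-sender table and the recipient/relay restrictions.
# Reads:  ALLOWED_SENDER_DOMAINS (space-separated), SMTPD_SASL_USERS,
#         ALLOW_EMPTY_SENDER_DOMAINS
# Writes: /etc/postfix/allowed_senders (+ .lmdb via postmap);
#         smtpd_recipient_restrictions and smtpd_relay_restrictions in main.cf.
# Exits 1 when neither ALLOWED_SENDER_DOMAINS nor ALLOW_EMPTY_SENDER_DOMAINS
# is set.
# smtpd_relay_restrictions=permit means relaying is gated only by the other
# stages: the sender-domain table here and the permit_mynetworks/reject client
# restrictions configured in postfix_reject_invalid_helos.
# Changes vs. the previous version: the stale .lmdb is removed along with the
# legacy .db, and the helper variables no longer leak into the global scope.
postfix_setup_sender_domains() {
	local allowed_senders=/etc/postfix/allowed_senders
	local smtpd_sasl="" i
	if [[ -n "$ALLOWED_SENDER_DOMAINS" ]]; then
		infon "Setting up allowed SENDER domains:"
		rm -f "$allowed_senders" "$allowed_senders.db" "$allowed_senders.lmdb" > /dev/null
		touch "$allowed_senders"
		for i in $ALLOWED_SENDER_DOMAINS; do
			echo -ne "${emphasis}$i${reset} "
			echo -e "$i\tOK" >> "$allowed_senders"
		done
		echo
		postmap "lmdb:$allowed_senders"
		if [[ -n "$SMTPD_SASL_USERS" ]]; then
			smtpd_sasl="permit_sasl_authenticated,"
		fi
		do_postconf -e "smtpd_recipient_restrictions=reject_non_fqdn_recipient, reject_unknown_recipient_domain, check_sender_access lmdb:$allowed_senders, ${smtpd_sasl} reject"
		# Since we are behind closed doors, let's just permit all relays.
		do_postconf -e "smtpd_relay_restrictions=permit"
	elif [[ -z "$ALLOW_EMPTY_SENDER_DOMAINS" ]]; then
		error "You need to specify ALLOWED_SENDER_DOMAINS otherwise Postfix will not run!"
		exit 1
	fi
}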
# Enable address masquerading for the listed domains.
# Reads:  MASQUERADED_DOMAINS
# Writes (via do_postconf): masquerade_domains and
#         local_header_rewrite_clients=static:all (so headers of mail from any
#         client are rewritten, not only local submissions).
postfix_setup_masquarading() {
	[[ -n "$MASQUERADED_DOMAINS" ]] || return 0
	notice "Setting up address masquerading: ${emphasis}$MASQUERADED_DOMAINS${reset}"
	do_postconf -e "masquerade_domains = $MASQUERADED_DOMAINS"
	do_postconf -e "local_header_rewrite_clients = static:all"
}
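# Configure smtp_header_checks from SMTP_HEADER_CHECKS.
# Reads:  SMTP_HEADER_CHECKS -- "1" selects regexp:/etc/postfix/smtp_header_checks;
#         otherwise "type:path" (a bare path is treated as regexp:path with a warning)
# Writes: smtp_header_checks in main.cf
# Exits 2 when the referenced file does not exist.
# Changes vs. the previous version: FORMAT/FILE are now local and the
# type/path split uses parameter expansion instead of two cut pipelines.
postfix_setup_header_checks() {
	local format file
	[[ -n "$SMTP_HEADER_CHECKS" ]] || return 0
	if [[ "$SMTP_HEADER_CHECKS" == "1" ]]; then
		info "Using default file for SMTP header checks"
		SMTP_HEADER_CHECKS="regexp:/etc/postfix/smtp_header_checks"
	fi
	# Split at the first ":"; with no ":" both halves are the whole string.
	format="${SMTP_HEADER_CHECKS%%:*}"
	file="${SMTP_HEADER_CHECKS#*:}"
	if [[ "$format" == "$file" ]]; then
		warn "No Postfix format defined for file ${emphasis}SMTP_HEADER_CHECKS${reset}. Using default ${emphasis}regexp${reset}. To avoid this message, set format explicitly, e.g. ${emphasis}SMTP_HEADER_CHECKS=regexp:$SMTP_HEADER_CHECKS${reset}."
		format="regexp"
	fi
	if [[ ! -f "$file" ]]; then
		fatal "File ${emphasis}$file${reset} cannot be found. Please make sure your SMTP_HEADER_CHECKS variable points to the right file. Startup aborted."
		exit 2
	fi
	notice "Setting up ${emphasis}smtp_header_checks${reset} to ${emphasis}$format:$file${reset}"
	do_postconf -e "smtp_header_checks=$format:$file"
}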
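# Generate (optionally) and wire up OpenDKIM signing keys.
# Reads:  DKIM_AUTOGENERATE (any non-empty value generates missing keys),
#         ALLOWED_SENDER_DOMAINS (space-separated), /etc/opendkim/opendkim.conf
#         (Socket line), get_dkim_selector helper
# Writes: /etc/opendkim/keys/<domain>.private (opendkim:opendkim, 0400) and
#         <domain>.txt (0644); /etc/opendkim/{TrustedHosts,KeyTable,SigningTable};
#         milter_* / smtpd_milters / non_smtpd_milters in main.cf (removed when
#         no key exists).
# Changes vs. the previous version: keys are generated inside a private
# mktemp directory rather than directly in the shared /tmp (the old code
# wrote predictable "<selector>.private" names there), and every path
# expansion is quoted.
postfix_setup_dkim() {
	local domain_dkim_selector private_key dkim_socket domain any_generated file
	local keydir hostport
	if [[ -n "${DKIM_AUTOGENERATE}" ]]; then
		info "${emphasis}DKIM_AUTOGENERATE${reset} set -- will try to auto-generate keys for ${emphasis}${ALLOWED_SENDER_DOMAINS}${reset}."
		mkdir -p /etc/opendkim/keys
		if [[ -n "${ALLOWED_SENDER_DOMAINS}" ]]; then
			for domain in ${ALLOWED_SENDER_DOMAINS}; do
				private_key="/etc/opendkim/keys/${domain}.private"
				if [[ -f "${private_key}" ]]; then
					info "Key for domain ${emphasis}${domain}${reset} already exists in ${emphasis}${private_key}${reset}. Will not overwrite."
					continue
				fi
				notice "Auto-generating DKIM key for ${emphasis}${domain}${reset} into ${private_key}."
				if ! keydir="$(mktemp -d)"; then
					error "Cannot create a temporary directory for generating the DKIM key for ${emphasis}${domain}${reset}."
					continue
				fi
				(
					cd "${keydir}" || exit 1
					domain_dkim_selector="$(get_dkim_selector "${domain}")"
					opendkim-genkey -b 2048 -h rsa-sha256 -r -v --subdomains -s "${domain_dkim_selector}" -d "${domain}"
					# Fixes https://github.com/linode/docs/pull/620
					sed -i 's/h=rsa-sha256/h=sha256/' "${domain_dkim_selector}.txt"
					mv -v "${domain_dkim_selector}.private" "${private_key}"
					mv -v "${domain_dkim_selector}.txt" "/etc/opendkim/keys/${domain}.txt"
					# Fixes #39
					chown opendkim:opendkim "${private_key}"
					chmod 400 "${private_key}"
					chown opendkim:opendkim "/etc/opendkim/keys/${domain}.txt"
					chmod 644 "/etc/opendkim/keys/${domain}.txt"
				) | sed 's/^/  /'
				rm -rf -- "${keydir}"
				any_generated=1
			done
			if [[ -n "${any_generated}" ]]; then
				notice "New DKIM keys have been generated! Please make sure to update your DNS records! You need to add the following details:"
				for file in /etc/opendkim/keys/*.txt; do
					[[ -e "$file" ]] || continue
					echo "====== $file ======"
					cat "$file"
				done
				echo
			fi
		else
			warn "DKIM auto-generate requested, but ${emphasis}ALLOWED_SENDER_DOMAINS${reset} not set. Nothing to generate!"
		fi
	else
		debug "${emphasis}DKIM_AUTOGENERATE${reset} not set -- you will need to provide your own keys."
	fi

	if [[ ! -d /etc/opendkim/keys || -z "$(find /etc/opendkim/keys -type f ! -name .)" ]]; then
		info "No DKIM keys found, will not use DKIM."
		do_postconf -# smtpd_milters
		do_postconf -# non_smtpd_milters
		return 0
	fi
	notice "Configuring OpenDKIM."
	mkdir -p /var/run/opendkim
	chown -R opendkim:opendkim /var/run/opendkim
	# OpenDKIM writes "Socket inet:PORT@HOST"; Postfix wants "inet:HOST:PORT".
	dkim_socket="$(grep -E '^Socket' /etc/opendkim/opendkim.conf | awk '{ print $2 }')"
	if [[ "${dkim_socket}" == inet:* ]]; then
		hostport="${dkim_socket#inet:}"
		dkim_socket="inet:${hostport#*@}:${hostport%%@*}"
	fi
	echo -e "...using socket $dkim_socket"
	do_postconf -e "milter_protocol=6"
	do_postconf -e "milter_default_action=accept"
	do_postconf -e "smtpd_milters=$dkim_socket"
	do_postconf -e "non_smtpd_milters=$dkim_socket"
	echo > /etc/opendkim/TrustedHosts
	echo > /etc/opendkim/KeyTable
	echo > /etc/opendkim/SigningTable
	# Since it's an internal service anyways, it's safe
	# to assume that *all* hosts are trusted.
	echo "0.0.0.0/0" > /etc/opendkim/TrustedHosts
	[[ -n "$ALLOWED_SENDER_DOMAINS" ]] || return 0
	for domain in $ALLOWED_SENDER_DOMAINS; do
		private_key="/etc/opendkim/keys/${domain}.private"
		if [[ ! -f "${private_key}" ]]; then
			error "Skipping DKIM for domain ${emphasis}${domain}${reset}. File ${private_key} not found!"
			continue
		fi
		domain_dkim_selector="$(get_dkim_selector "${domain}")"
		echo -e "...for domain ${emphasis}${domain}${reset} (selector: ${emphasis}${domain_dkim_selector}${reset})"
		if ! su opendkim -s /bin/bash -c "cat /etc/opendkim/keys/${domain}.private" > /dev/null 2>&1; then
			echo -e "...trying to reown ${emphasis}${private_key}${reset} as it's not readable by OpenDKIM..."
			# Fixes #39
			chown opendkim:opendkim "${private_key}"
			chmod u+r "${private_key}"
		fi
		echo "${domain_dkim_selector}._domainkey.${domain} ${domain}:${domain_dkim_selector}:${private_key}" >> /etc/opendkim/KeyTable
		echo "*@${domain} ${domain_dkim_selector}._domainkey.${domain}" >> /etc/opendkim/SigningTable
	done
}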
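# Apply OPENDKIM_<Key>=<value> environment variables to opendkim.conf.
# Reads:  every variable named OPENDKIM_* (the part after the prefix is the
#         directive name; an empty value deletes the directive)
# Writes: /etc/opendkim/opendkim.conf (in place); existing (possibly
#         commented) directives are replaced, new ones appended, the name
#         padded to 24 columns.
# Changes vs. the previous version: the value is escaped before being used
# as a sed replacement (a value containing "/" such as a file path aborted
# sed and the setting was silently not applied; "&" and "\" were
# reinterpreted), and the directive must be followed by whitespace so that
# e.g. OPENDKIM_Syslog no longer also rewrites the SyslogSuccess line.
opendkim_custom_commands() {
	local setting key padded_key value sed_value
	local conf=/etc/opendkim/opendkim.conf
	for setting in ${!OPENDKIM_*}; do
		# Directive names come from variable names, so they are [A-Za-z0-9_]
		# only and safe to use in the patterns below.
		key="${setting:9}"
		value="${!setting}"
		if [[ -z "${value}" ]]; then
			info "Deleting custom OpenDKIM setting: ${emphasis}${key}${reset}"
			sed -i -E "/^[ \t]*#?[ \t]*${key}[ \t]+.+$/d" "$conf"
			continue
		fi
		if [[ "${#key}" -gt 23 ]]; then
			padded_key="${key}"
		else
			padded_key="$(printf '%-24s' "${key}")"
		fi
		if grep -Eq "^[[:space:]]*#?[[:space:]]*${key}[[:space:]]" "$conf"; then
			info "Updating custom OpenDKIM setting: ${emphasis}${key}=${value}${reset}"
			# Escape the sed replacement metacharacters: \ first, then / and &.
			sed_value="${padded_key}${value}"
			sed_value=${sed_value//\\/\\\\}
			sed_value=${sed_value//\//\\/}
			sed_value=${sed_value//&/\\&}
			sed -i -E "s/^[ \t]*#?[ \t]*${key}[ \t]+.+$/${sed_value}/" "$conf"
		else
			info "Adding custom OpenDKIM setting: ${emphasis}${key}=${value}${reset}"
			echo "Adding ${padded_key}${value}"
			echo "${padded_key}${value}" >> "$conf"
		fi
	done
}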
# Apply POSTFIX_<parameter>=<value> environment variables to main.cf.
# Reads:  every variable named POSTFIX_* (the part after the prefix is the
#         Postfix parameter name)
# Writes (via do_postconf): sets the parameter, or removes it (-#) when the
#         value is empty.
postfix_custom_commands() {
	local setting key value
	for setting in ${!POSTFIX_*}; do
		key="${setting:8}"
		value="${!setting}"
		if [[ -z "${value}" ]]; then
			info "Deleting custom postfix setting: ${emphasis}${key}${reset}"
			do_postconf -# "${key}"
			continue
		fi
		info "Applying custom postfix setting: ${emphasis}${key}=${value}${reset}"
		do_postconf -e "${key}=${value}"
	done
}
# Uncomment the "submission" service in master.cf so Postfix listens on
# port 587 in addition to 25.
postfix_open_submission_port() {
	local master_cf=/etc/postfix/master.cf
	sed -i -r -e 's/^#submission/submission/' "$master_cf"
}
# Run operator-supplied hooks from /docker-init.db/.
# Every *.sh file is executed as root with this script's privileges: an
# executable file is sourced into the current shell (it can change variables
# and functions here), a non-executable one is run with bash. Other files are
# reported and ignored.
execute_post_init_scripts() {
	local f
	[[ -d /docker-init.db/ ]] || return 0
	notice "Executing any found custom scripts..."
	for f in /docker-init.db/*; do
		if [[ "$f" != *.sh ]]; then
			echo "$0: ignoring $f"
			continue
		fi
		if [[ -x "$f" ]]; then
			echo -e "\tsourcing ${emphasis}$f${reset}"
			. "$f"
		else
			echo -e "\trunning ${emphasis}bash $f${reset}"
			bash "$f"
		fi
	done
}
# Remove secret-bearing variables from the environment once they have been
# written to their configuration files, so they are not inherited by Postfix
# or by the post-init hooks. (The name is historical; "sensitive" is meant.)
unset_sensible_variables() {
	local v
	for v in RELAYHOST_PASSWORD XOAUTH2_CLIENT_ID XOAUTH2_SECRET \
	         XOAUTH2_INITIAL_ACCESS_TOKEN XOAUTH2_INITIAL_REFRESH_TOKEN SMTPD_SASL_USERS; do
		unset "$v"
	done
}