diff --git a/Dockerfile b/Dockerfile index 551fcd5..b1f52f5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -26,12 +26,6 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=var-cache- --mount=type=tmpfs,target=/tmp \ --mount=type=bind,from=build-scripts,source=/build-scripts,target=/build-scripts \ sh /build-scripts/postfix-install.sh -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=var-cache-apt-$TARGETPLATFORM \ - --mount=type=cache,target=/var/lib/apt,sharing=locked,id=var-lib-apt-$TARGETPLATFORM \ - --mount=type=tmpfs,target=/var/cache/apk \ - --mount=type=tmpfs,target=/tmp \ - --mount=type=bind,from=build-scripts,source=/build-scripts,target=/build-scripts \ - python3 -m pip3 install msal # ============================ BUILD SASL XOAUTH2 ============================ FROM base AS sasl diff --git a/build-scripts/postfix-install.sh b/build-scripts/postfix-install.sh index 7aec3e7..63804ef 100644 --- a/build-scripts/postfix-install.sh +++ b/build-scripts/postfix-install.sh @@ -34,6 +34,8 @@ do_alpine() { musl-utils \ netcat-openbsd \ opendkim-utils \ + python3 \ + py3-pip rsyslog \ supervisor \ tzdata @@ -80,12 +82,15 @@ do_ubuntu() { opendkim-tools \ postfix-lmdb \ procps \ + python3 \ + python3-pip \ rsyslog \ sasl2-bin \ supervisor \ tzdata apt-get clean rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + } if [ -f /etc/alpine-release ]; then @@ -94,6 +99,13 @@ else do_ubuntu fi +# masl is needed for the sasl-xoauth2-tool. +PIP=pip +if command -v pip3 > /dev/null 2>&1; then + PIP=pip3 +fi +$PIP install --break-system-packages msal + # Some services (eg. cron) will complain if this file does not exists, even if it's empty. # The file is usually generated by update-locales, which is ran automatically when you do # `apt-get install locales`. So instead of adding another package, which at the moment we diff --git a/scripts/email-anonymizer.py b/scripts/email-anonymizer.py index b1552a6..b77026e 100644 --- a/scripts/email-anonymizer.py 
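Review bot: In the do_alpine hunk the added `py3-pip` line has no trailing backslash, so the package list ends there and the context lines `rsyslog \`, `supervisor \`, `tzdata` stop being arguments of the install command. The shell would instead try to run `rsyslog supervisor tzdata` as a command of its own. Depending on whether the script aborts on errors (not visible here), the Alpine build either fails or yields an image without those three packages. The line should read `py3-pip \`, matching `python3-pip \` in the do_ubuntu hunk. The install command itself begins outside the hunk.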
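Review bot: The added `$PIP install --break-system-packages msal` installs an unpinned msal, plus whatever dependencies it resolves to, from the package index into the image's system Python, so two builds of the same commit can ship different code and a bad upstream release reaches the mail image unnoticed. Pin the version, e.g. `$PIP install --no-cache-dir --break-system-packages "msal==<PINNED_VERSION>"`, or install from a requirements file with `--require-hashes`. `--break-system-packages` is only understood by pip 23.0.1 and later, so on a base image with an older python3-pip this line would fail with an unknown-option error; the base image versions are not visible in this diff. The comment above the block says `masl` where `msal` is meant.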
+++ b/scripts/email-anonymizer.py @@ -2,7 +2,7 @@ """ -Filter to anonyimize email addresses. It reads input line by line, +Filter to anonymize email addresses. It reads input line by line, finds all emails in the input and masks them using given filter. Big thanks to [Sergio Del Río Mayoral](https://github.com/sdelrio) @@ -26,8 +26,8 @@ logger = logging.getLogger(__name__) # BIG FAT NOTICE on emails and regular expressions: # If you're planning on using a regular expression to validate an email: don't. Emails # are much more complex than you would imagine and most regular expressions will not -# cover all usecases. Newer RFCs even allow for international (read: UTF-8) email addresses. -# Most of your favourite programming languages will have a dedicated library for validating +# cover all use cases. Newer RFCs even allow for international (read: UTF-8) email addresses. +# Most of your favorite programming languages will have a dedicated library for validating # addresses. # # This pattern below, should, however match anything that remotely looks like an email. @@ -85,7 +85,7 @@ class Filter(): start = match.start() email = match.group() - # Note that our regex will match thigs like "message-id=Issue1649523226559@postfix-mail.mail-system.svc.cluster.local" + # Note that our regex will match things like "message-id=Issue1649523226559@postfix-mail.mail-system.svc.cluster.local" # so we need to filter / check for these first if email.startswith(self.MESSAGE_ID_LINE): 
@@ -123,9 +123,9 @@ class Filter(): """ This filter will take an educated guess at how to best mask the emails, specifically: -* It will leave the first and the last letter of the local part (if it's oly one letter, it will get repated) +* It will leave the first and the last letter of the local part (if it's oly one letter, it will get repeated) * If the local part is in quotes, it will remove the quotes (Warning: if the email starts with a space, this might look weird in logs) -* It will replace all the letters inbetween with **ONE** asterisk +* It will replace all the letters in between with **ONE** asterisk * It will replace everything but a TLD with a star * Address-style domains will see the number replaced with stars