ibu/ansible-mailserver-debian
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add sender rewriting scheme (SRS).

Browse source
This commit is contained in:
iburadempa 2020-09-12 13:58:52 +02:00
parent f24ce8295d
commit 43fd2da518
4 changed files with 116 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

75
mail_system/templates/postfix/sender_canonical_maps.cf
View file

@ -1,5 +1,21 @@
# THIS FILE IS CONTROLLED BY ANSIBLE - DO NOT CHANGE IN DEPLOYMENT!
# Rewrite envelope sender addresses:
# - if the sender address has a local domain, then add our verp_marker
# - else implement sender rewriting scheme (cf.
# https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme,
# http://www.libsrs2.org/srs/srs.pdf
# ):
# * if the address does not begin with SRS0 or SRS1:
# rewrite address to srs0={random_bigint}@main_local_domain
# * if the address begins with SRS0:
# replace SRS0 with srs1={random_bigint}= and
# replace the domain with our main local domain
# * if the address begins with SRS0:
# replace the domain with our main local domain
# The main local domain is the first domain with a name
# that is not equal to 'role_specific'.
# The random_bigint has at not 15 decimal digits.
# man pgsql_table
@ -7,15 +23,50 @@ user = {{ mailserver.postgresql.username }}
password = {{ mailserver.postgresql.password }}
dbname = {{ mailserver.postgresql.dbname }}
hosts = {{ mailserver.postgresql.host }}
query = insert into mail_from (id, original, rewritten)
values (nextval('mail_from_id_seq'), '%s',
case
when regexp_replace('%s', '.*@([^@]+)$', '\1') in (select name from domains)
then case
when '%s'~*'{{ mailserver.postfix.verp_marker }}-\d+@'
then '%s'
else regexp_replace('%s', '^(.*)@[^@]+$', '\1') || case when '%s'~'\+' then '{{ mailserver.postfix.verp_marker }}-' else '+{{ mailserver.postfix.verp_marker }}-' end || lastval()::text || '@' || regexp_replace('%s', '.*@([^@]+)$', '\1')
end
else '%s'
end
) returning rewritten
query =
with
rnd as (select (random() * 1000000000000000)::bigint v),
mydomains as (select regexp_replace('%s', '.*@([^@]+)$', '\1') in (select name from domains) v),
srs0 as (select lower(substr('%s', 1, 4)) = 'srs0' v),
srs1 as (select lower(substr('%s', 1, 4)) = 'srs1' v),
new_row as (
select
nextval('mail_from_id_seq') new_id,
'%s' original,
case
when mydomains.v and not srs0.v and not srs1.v
then
case
when '%s'~*'\+{{ mailserver.postfix.verp_marker }}-\d+@'
then '%s'
else regexp_replace('%s', '^(.*)@[^@]+$', '\1') || '+{{ mailserver.postfix.verp_marker }}-'
|| lastval()::text || '@' || regexp_replace('%s', '.*@([^@]+)$', '\1')
end
else
case
when not mydomains.v and not srs0.v and not srs1.v
then 'SRS0=' || LPAD(rnd.v::text, 15 , '0') || '@' || (select name from domains where name<>'role_specific' order by id limit 1)
else
case
when srs0.v
then
case
when mydomains.v
then '%s'
else 'SRS1=' || LPAD(rnd.v::text, 15 , '0') || '='
|| regexp_replace(substr('%s', 5), '^(.*)@[^@]+$', '\1@'
|| (select name from domains where name<>'role_specific' order by id limit 1))
end
else regexp_replace('%s', '^(.*)@[^@]+$', '\1@' || (select name from domains where name<>'role_specific' order by id limit 1))
end
end
end rewritten,
rnd.v srs_id
from rnd, mydomains, srs0, srs1
where '%s' <> '""'
),
ins_row as (insert into mail_from (id, original, rewritten, srs_id)
select new_row.new_id, new_row.original, new_row.rewritten, case when mydomains.v and not srs0.v and not srs1.v then null else new_row.srs_id end
from new_row, mydomains, srs0, srs1 where new_row.original<>new_row.rewritten),
orig(o) as (values('%s'))
select rewritten from new_row