mailserver: add VERP marking of outgoing and unmarking of incoming mails
parent
57de8e095f
commit
b0bc240ee5
6 changed files with 73 additions and 0 deletions
|
@ -27,9 +27,12 @@
|
||||||
# overwrite_config: no
|
# overwrite_config: no
|
||||||
# reject_sender_login_mismatch: yes
|
# reject_sender_login_mismatch: yes
|
||||||
# mynetworks: "10.0.0.0/24 [2a01:XXXX:XXXX:XXXX::]/64"
|
# mynetworks: "10.0.0.0/24 [2a01:XXXX:XXXX:XXXX::]/64"
|
||||||
|
# verp_marker: rstxyz
|
||||||
# dovecot:
|
# dovecot:
|
||||||
# auth_default_realm: mymaindomain.org
|
# auth_default_realm: mymaindomain.org
|
||||||
#
|
#
|
||||||
|
# Take care thate the verp_marker only contains [a-z0-9]+ (NO UPPER CASE LETTERS!).
|
||||||
|
#
|
||||||
# (Use ansible-vault encrypt_string zo encrypt the password.)
|
# (Use ansible-vault encrypt_string zo encrypt the password.)
|
||||||
#
|
#
|
||||||
# TODOs after running this playbook:
|
# TODOs after running this playbook:
|
||||||
|
|
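Review bot: The `[a-z0-9]+` restriction on `verp_marker` exists only as the added comment, while the value is interpolated unescaped into the regular expressions of the two new query templates (recipient_canonical_maps.cf and sender_canonical_maps.cf). A marker containing a quote or a regex metacharacter would therefore change the SQL that Postfix runs. An early task such as `assert: that: mailserver.postfix.verp_marker is match('^[a-z0-9]+$')` would turn the comment into an enforced check.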
|
@ -131,3 +131,30 @@
|
||||||
table: shared_folders_anyone
|
table: shared_folders_anyone
|
||||||
columns: from_user
|
columns: from_user
|
||||||
idxname: shared_folders__from
|
idxname: shared_folders__from
|
||||||
|
|
||||||
|
- name: database table mail_from
|
||||||
|
postgresql_table:
|
||||||
|
login_host: "{{ mailserver.postgresql.host }}"
|
||||||
|
port: "{{ mailserver.postgresql.port }}"
|
||||||
|
login_user: "{{ mailserver.postgresql.username }}"
|
||||||
|
login_password: "{{ mailserver.postgresql.password }}"
|
||||||
|
db: "{{ mailserver.postgresql.dbname }}"
|
||||||
|
ssl_mode: disable
|
||||||
|
name: mail_from
|
||||||
|
columns:
|
||||||
|
- id bigserial primary key
|
||||||
|
- t timestamp default now()
|
||||||
|
- original varchar(250) not null
|
||||||
|
- rewritten varchar(250) not null
|
||||||
|
|
||||||
|
- name: database index mail_from__rewritten
|
||||||
|
postgresql_idx:
|
||||||
|
login_host: "{{ mailserver.postgresql.host }}"
|
||||||
|
port: "{{ mailserver.postgresql.port }}"
|
||||||
|
login_user: "{{ mailserver.postgresql.username }}"
|
||||||
|
login_password: "{{ mailserver.postgresql.password }}"
|
||||||
|
db: "{{ mailserver.postgresql.dbname }}"
|
||||||
|
ssl_mode: disable
|
||||||
|
table: mail_from
|
||||||
|
columns: rewritten
|
||||||
|
idxname: mail_from__rewritten
|
||||||
|
|
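Review bot: The index `mail_from__rewritten` is created without `unique`, but the insert in sender_canonical_maps.cf ends with `on conflict (rewritten) do nothing`, and PostgreSQL rejects that clause unless a unique index or constraint covers `rewritten`. Unless one is created outside this commit, every sender lookup would fail; adding `unique: yes` to the `postgresql_idx` task, or declaring the column as `rewritten varchar(250) not null unique`, would resolve it. Both new tasks also pass `login_password` with `ssl_mode: disable`, which deserves a comment if the database is not on the local host. Nothing in this commit prunes `mail_from`, so a periodic cleanup keyed on `t` may be needed.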
|
@ -72,6 +72,8 @@
|
||||||
- relay_domains.cf
|
- relay_domains.cf
|
||||||
- relay_recipient_maps.cf
|
- relay_recipient_maps.cf
|
||||||
- transport_maps.cf
|
- transport_maps.cf
|
||||||
|
- sender_canonical_maps.cf
|
||||||
|
- recipient_canonical_maps.cf
|
||||||
|
|
||||||
- name: restart postfix
|
- name: restart postfix
|
||||||
systemd:
|
systemd:
|
||||||
|
|
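Review bot: The two files added to this list are rendered with `password = {{ mailserver.postgresql.password }}`, so they need the same restrictive owner and mode as the existing pgsql map files. The task that consumes the list lies outside the hunk, so this could not be checked here. If that task sets no `mode`, something like `mode: "0640"` with group `postfix` would keep the credentials from being world-readable.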
|
@ -95,6 +95,16 @@ smtpd_relay_restrictions =
|
||||||
# rspamd
|
# rspamd
|
||||||
|
|
||||||
|
|
||||||
|
# VERP marking
|
||||||
|
# Envelope sender addresses matching mydomains are marked.
|
||||||
|
# The marker is removed from envelope recipient addresses.
|
||||||
|
canonical_classes = envelope_sender, envelope_recipient
|
||||||
|
sender_canonical_classes = envelope_sender
|
||||||
|
sender_canonical_maps = pgsql:/etc/postfix/sender_canonical_maps.cf
|
||||||
|
recipient_canonical_classes = envelope_recipient
|
||||||
|
recipient_canonical_maps = pgsql:/etc/postfix/recipient_canonical_maps.cf
|
||||||
|
|
||||||
|
|
||||||
# useful for log analysis
|
# useful for log analysis
|
||||||
enable_long_queue_ids = yes
|
enable_long_queue_ids = yes
|
||||||
|
|
||||||
|
|
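Review bot: `canonical_classes` only governs `canonical_maps`, which this hunk does not set, so the line `canonical_classes = envelope_sender, envelope_recipient` appears to have no effect unless `canonical_maps` is defined elsewhere in main.cf. The two maps that are configured are already limited by `sender_canonical_classes` and `recipient_canonical_classes`. Dropping the line would avoid suggesting otherwise. The comment block could also state that the sender map writes to the `mail_from` table on each lookup, since that is unusual for a Postfix lookup table.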
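--- a/mail_system/templates/postfix/recipient_canonical_maps.cf
+++ b/mail_system/templates/postfix/recipient_canonical_maps.cf
@@ -0,0 +1,10 @@
+# THIS FILE IS CONTROLLED BY ANSIBLE - DO NOT CHANGE IN DEPLOYMENT!
+
+
+# man pgsql_table
+
+user = {{ mailserver.postgresql.username }}
+password = {{ mailserver.postgresql.password }}
+dbname = {{ mailserver.postgresql.dbname }}
+hosts = {{ mailserver.postgresql.host }}
+query = select regexp_replace('%s', '\+(.*){{ mailserver.postfix.verp_marker }}-\d+@', '+\1@')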
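Review bot: For a sender that had no `+` extension the round trip does not restore the original address. The sender map turns, for instance, `user@example.org` into `user+MARKER-N@example.org`, and this query replaces the match with `+\1@`, giving `user+@example.org`. The pattern is also applied to every recipient regardless of domain and without checking that N was ever issued. If `mail_from` is meant to be authoritative, `query = select original from mail_from where rewritten = '%s'` would return the exact original and no result for unknown addresses; otherwise the replacement needs a separate case for an empty `\1`.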
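--- a/mail_system/templates/postfix/sender_canonical_maps.cf
+++ b/mail_system/templates/postfix/sender_canonical_maps.cf
@@ -0,0 +1,21 @@
+# THIS FILE IS CONTROLLED BY ANSIBLE - DO NOT CHANGE IN DEPLOYMENT!
+
+
+# man pgsql_table
+
+user = {{ mailserver.postgresql.username }}
+password = {{ mailserver.postgresql.password }}
+dbname = {{ mailserver.postgresql.dbname }}
+hosts = {{ mailserver.postgresql.host }}
+query = insert into mail_from (id, original, rewritten)
+values (nextval('mail_from_id_seq'), '%s',
+case
+when regexp_replace('%s', '.*@([^@]+)$', '\1') in (select name from domains)
+then case
+when '%s'~*'{{ mailserver.postfix.verp_marker }}-\d+@'
+then '%s'
+else regexp_replace('%s', '^(.*)@[^@]+$', '\1') || case when '%s'~'\+' then '{{ mailserver.postfix.verp_marker }}-' else '+{{ mailserver.postfix.verp_marker }}-' end || lastval()::text || '@' || regexp_replace('%s', '.*@([^@]+)$', '\1')
+end
+else '%s'
+end
+) on conflict (rewritten) do nothing returning rewritten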
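Review bot: `lastval()` returns the value of whichever sequence was advanced last in the session, so the generated suffix matches the row's `id` only because `nextval('mail_from_id_seq')` is evaluated earlier in the same `values` row; `currval('mail_from_id_seq')` would at least name the sequence explicitly. The check `'%s'~*'{{ mailserver.postfix.verp_marker }}-\d+@'` is unanchored and case-insensitive, so any local sender address that merely contains that text is passed through unmarked. Because this is a lookup table, the insert runs on every query Postfix makes, so row counts in `mail_from` will not necessarily correspond to messages sent.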