mailserver: add VERP marking of outgoing an unmarking of incoming mails

This commit is contained in:
iburadempa 2019-10-11 18:14:38 +02:00
parent 57de8e095f
commit b0bc240ee5
6 changed files with 73 additions and 0 deletions

View file

@ -27,9 +27,12 @@
# overwrite_config: no # overwrite_config: no
# reject_sender_login_mismatch: yes # reject_sender_login_mismatch: yes
# mynetworks: "10.0.0.0/24 [2a01:XXXX:XXXX:XXXX::]/64" # mynetworks: "10.0.0.0/24 [2a01:XXXX:XXXX:XXXX::]/64"
# verp_marker: rstxyz
# dovecot: # dovecot:
# auth_default_realm: mymaindomain.org # auth_default_realm: mymaindomain.org
# #
# Take care thate the verp_marker only contains [a-z0-9]+ (NO UPPER CASE LETTERS!).
#
# (Use ansible-vault encrypt_string zo encrypt the password.) # (Use ansible-vault encrypt_string zo encrypt the password.)
# #
# TODOs after running this playbook: # TODOs after running this playbook:

View file

@ -131,3 +131,30 @@
table: shared_folders_anyone table: shared_folders_anyone
columns: from_user columns: from_user
idxname: shared_folders__from idxname: shared_folders__from
- name: database table mail_from
postgresql_table:
login_host: "{{ mailserver.postgresql.host }}"
port: "{{ mailserver.postgresql.port }}"
login_user: "{{ mailserver.postgresql.username }}"
login_password: "{{ mailserver.postgresql.password }}"
db: "{{ mailserver.postgresql.dbname }}"
ssl_mode: disable
name: mail_from
columns:
- id bigserial primary key
- t timestamp default now()
- original varchar(250) not null
- rewritten varchar(250) not null
- name: database index mail_from__rewritten
postgresql_idx:
login_host: "{{ mailserver.postgresql.host }}"
port: "{{ mailserver.postgresql.port }}"
login_user: "{{ mailserver.postgresql.username }}"
login_password: "{{ mailserver.postgresql.password }}"
db: "{{ mailserver.postgresql.dbname }}"
ssl_mode: disable
table: mail_from
columns: rewritten
idxname: mail_from__rewritten

View file

@ -72,6 +72,8 @@
- relay_domains.cf - relay_domains.cf
- relay_recipient_maps.cf - relay_recipient_maps.cf
- transport_maps.cf - transport_maps.cf
- sender_canonical_maps.cf
- recipient_canonical_maps.cf
- name: restart postfix - name: restart postfix
systemd: systemd:

View file

@ -95,6 +95,16 @@ smtpd_relay_restrictions =
# rspamd # rspamd
# VERP marking
# Envelope sender addresses matching mydomains are marked.
# The marker is removed from envelope recipient addresses.
canonical_classes = envelope_sender, envelope_recipient
sender_canonical_classes = envelope_sender
sender_canonical_maps = pgsql:/etc/postfix/sender_canonical_maps.cf
recipient_canonical_classes = envelope_recipient
recipient_canonical_maps = pgsql:/etc/postfix/recipient_canonical_maps.cf
# useful for log analysis # useful for log analysis
enable_long_queue_ids = yes enable_long_queue_ids = yes

View file

@ -0,0 +1,10 @@
# THIS FILE IS CONTROLLED BY ANSIBLE - DO NOT CHANGE IN DEPLOYMENT!
# man pgsql_table
user = {{ mailserver.postgresql.username }}
password = {{ mailserver.postgresql.password }}
dbname = {{ mailserver.postgresql.dbname }}
hosts = {{ mailserver.postgresql.host }}
query = select regexp_replace('%s', '\+(.*){{ mailserver.postfix.verp_marker }}-\d+@', '+\1@')

View file

@ -0,0 +1,21 @@
# THIS FILE IS CONTROLLED BY ANSIBLE - DO NOT CHANGE IN DEPLOYMENT!
# man pgsql_table
user = {{ mailserver.postgresql.username }}
password = {{ mailserver.postgresql.password }}
dbname = {{ mailserver.postgresql.dbname }}
hosts = {{ mailserver.postgresql.host }}
query = insert into mail_from (id, original, rewritten)
values (nextval('mail_from_id_seq'), '%s',
case
when regexp_replace('%s', '.*@([^@]+)$', '\1') in (select name from domains)
then case
when '%s'~*'{{ mailserver.postfix.verp_marker }}-\d+@'
then '%s'
else regexp_replace('%s', '^(.*)@[^@]+$', '\1') || case when '%s'~'\+' then '{{ mailserver.postfix.verp_marker }}-' else '+{{ mailserver.postfix.verp_marker }}-' end || lastval()::text || '@' || regexp_replace('%s', '.*@([^@]+)$', '\1')
end
else '%s'
end
) on conflict (rewritten) do nothing returning rewritten