2017-03-02 18:23:23 +08:00
#!/bin/bash
trap "postfix stop" EXIT
2017-03-06 17:33:44 +08:00
[ [ ! -d /opt/postfix/conf/sql/ ] ] && mkdir -p /opt/postfix/conf/sql/
2018-07-25 07:05:51 +08:00
2019-08-09 20:08:58 +08:00
# Wait for MySQL to warm-up
while ! mysqladmin status --socket= /var/run/mysqld/mysqld.sock -u${ DBUSER } -p${ DBPASS } --silent; do
echo "Waiting for database to come up..."
sleep 2
done
2021-04-01 21:24:55 +08:00
until dig +short mailcow.email > /dev/null; do
2019-11-27 04:09:12 +08:00
echo "Waiting for DNS..."
2020-07-11 19:31:48 +08:00
sleep 1
2019-11-27 04:09:12 +08:00
done
2018-07-29 06:35:54 +08:00
cat <<EOF > /etc/aliases
2019-07-08 13:56:41 +08:00
# Autogenerated by mailcow
2018-07-29 06:35:54 +08:00
null: /dev/null
2019-09-05 05:06:29 +08:00
watchdog: /dev/null
2018-07-29 06:35:54 +08:00
ham: "|/usr/local/bin/rspamd-pipe-ham"
spam: "|/usr/local/bin/rspamd-pipe-spam"
EOF
2018-07-25 07:05:51 +08:00
newaliases;
2017-03-06 17:33:44 +08:00
2019-10-19 18:48:56 +08:00
# create sni configuration
2021-01-08 19:39:40 +08:00
if [ [ " ${ SKIP_LETS_ENCRYPT } " = ~ ^( [ yY] [ eE] [ sS] | [ yY] ) +$ ] ] ; then
echo -n "" > /opt/postfix/conf/sni.map
else
echo -n "" > /opt/postfix/conf/sni.map;
for cert_dir in /etc/ssl/mail/*/ ; do
if [ [ ! -f ${ cert_dir } domains ] ] || [ [ ! -f ${ cert_dir } cert.pem ] ] || [ [ ! -f ${ cert_dir } key.pem ] ] ; then
continue ;
fi
IFS = " " read -r -a domains <<< " $( cat " ${ cert_dir } domains " ) "
for domain in " ${ domains [@] } " ; do
echo -n " ${ domain } ${ cert_dir } key.pem ${ cert_dir } cert.pem " >> /opt/postfix/conf/sni.map;
echo "" >> /opt/postfix/conf/sni.map;
done
2019-10-19 18:48:56 +08:00
done
2021-01-08 19:39:40 +08:00
fi
2019-10-19 18:48:56 +08:00
postmap -F hash:/opt/postfix/conf/sni.map;
2020-04-04 02:39:53 +08:00
cat <<EOF > /opt/postfix/conf/sql/mysql_relay_ne.cf
# Autogenerated by mailcow
user = ${ DBUSER }
password = ${ DBPASS }
hosts = unix:/var/run/mysqld/mysqld.sock
dbname = ${ DBNAME }
query = SELECT IF( EXISTS( SELECT address, domain FROM alias
WHERE address = '%s'
AND domain IN (
SELECT domain FROM domain
WHERE backupmx = '1'
AND relay_all_recipients = '1'
AND relay_unknown_only = '1' )
) , 'lmtp:inet:dovecot:24' , NULL) AS 'transport'
EOF
2017-03-06 17:33:44 +08:00
cat <<EOF > /opt/postfix/conf/sql/mysql_relay_recipient_maps.cf
2019-07-08 13:56:41 +08:00
# Autogenerated by mailcow
2017-03-06 17:33:44 +08:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
hosts = unix:/var/run/mysqld/mysqld.sock
2017-03-06 17:33:44 +08:00
dbname = ${ DBNAME }
2017-10-11 17:22:48 +08:00
query = SELECT DISTINCT
CASE WHEN '%d' IN (
SELECT domain FROM domain
WHERE relay_all_recipients = 1
AND domain = '%d'
AND backupmx = 1
)
THEN '%s' ELSE (
SELECT goto FROM alias WHERE address = '%s' AND active = '1'
)
END AS result;
2017-03-06 17:33:44 +08:00
EOF
2018-10-04 20:34:53 +08:00
cat <<EOF > /opt/postfix/conf/sql/mysql_tls_policy_override_maps.cf
2019-07-08 13:56:41 +08:00
# Autogenerated by mailcow
2018-10-04 20:34:53 +08:00
user = ${ DBUSER }
password = ${ DBPASS }
hosts = unix:/var/run/mysqld/mysqld.sock
dbname = ${ DBNAME }
query = SELECT CONCAT( policy, ' ' , parameters) AS tls_policy FROM tls_policy_override WHERE active = '1' AND dest = '%s'
EOF
2017-03-06 17:33:44 +08:00
cat <<EOF > /opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf
2019-07-08 13:56:41 +08:00
# Autogenerated by mailcow
2017-03-06 17:33:44 +08:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
hosts = unix:/var/run/mysqld/mysqld.sock
2017-03-06 17:33:44 +08:00
dbname = ${ DBNAME }
2017-10-11 17:22:48 +08:00
query = SELECT IF( EXISTS(
SELECT 'TLS_ACTIVE' FROM alias
LEFT OUTER JOIN mailbox ON mailbox.username = alias.goto
WHERE ( address = '%s'
OR address IN (
SELECT CONCAT( '%u' , '@' , target_domain) FROM alias_domain
WHERE alias_domain = '%d'
)
2020-09-18 01:47:11 +08:00
) AND JSON_UNQUOTE( JSON_VALUE( attributes, '$.tls_enforce_in' ) ) = '1' AND mailbox.active = '1'
2017-10-11 17:22:48 +08:00
) , 'reject_plaintext_session' , NULL) AS 'tls_enforce_in' ;
2017-03-06 17:33:44 +08:00
EOF
2017-07-23 02:39:54 +08:00
cat <<EOF > /opt/postfix/conf/sql/mysql_sender_dependent_default_transport_maps.cf
2019-07-08 13:56:41 +08:00
# Autogenerated by mailcow
2017-03-06 17:33:44 +08:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
hosts = unix:/var/run/mysqld/mysqld.sock
2017-03-06 17:33:44 +08:00
dbname = ${ DBNAME }
2017-07-23 02:39:54 +08:00
query = SELECT GROUP_CONCAT( transport SEPARATOR '' ) AS transport_maps
FROM (
2017-10-11 17:22:48 +08:00
SELECT IF( EXISTS( SELECT 'smtp_type' FROM alias
LEFT OUTER JOIN mailbox ON mailbox.username = alias.goto
WHERE ( address = '%s'
OR address IN (
SELECT CONCAT( '%u' , '@' , target_domain) FROM alias_domain
WHERE alias_domain = '%d'
)
)
2020-09-18 01:47:11 +08:00
AND JSON_UNQUOTE( JSON_VALUE( attributes, '$.tls_enforce_out' ) ) = '1'
2017-10-11 17:22:48 +08:00
AND mailbox.active = '1'
) , 'smtp_enforced_tls:' , 'smtp:' ) AS 'transport'
2017-07-23 02:39:54 +08:00
UNION ALL
2021-05-26 20:02:27 +08:00
SELECT COALESCE(
( SELECT hostname FROM relayhosts
LEFT OUTER JOIN mailbox ON JSON_UNQUOTE( JSON_VALUE( mailbox.attributes, '$.relayhost' ) ) = relayhosts.id
WHERE relayhosts.active = '1'
AND (
mailbox.username IN ( SELECT alias.goto from alias
JOIN mailbox ON mailbox.username = alias.goto
WHERE alias.active = '1'
AND alias.address = '%s'
AND alias.address NOT LIKE '@%%'
)
)
) ,
( SELECT hostname FROM relayhosts
2017-10-11 17:22:48 +08:00
LEFT OUTER JOIN domain ON domain.relayhost = relayhosts.id
WHERE relayhosts.active = '1'
2021-05-26 20:02:27 +08:00
AND ( domain.domain = '%d'
OR domain.domain IN (
SELECT target_domain FROM alias_domain
WHERE alias_domain = '%d'
)
2017-10-11 17:22:48 +08:00
)
2021-05-26 20:02:27 +08:00
)
)
) AS transport_view;
2017-07-23 02:39:54 +08:00
EOF
2018-12-19 16:38:56 +08:00
cat <<EOF > /opt/postfix/conf/sql/mysql_transport_maps.cf
2019-07-08 13:56:41 +08:00
# Autogenerated by mailcow
2018-12-19 16:38:56 +08:00
user = ${ DBUSER }
password = ${ DBPASS }
hosts = unix:/var/run/mysqld/mysqld.sock
dbname = ${ DBNAME }
query = SELECT CONCAT( 'smtp_via_transport_maps:' , nexthop) AS transport FROM transports
WHERE active = '1'
AND destination = '%s' ;
EOF
2019-06-09 22:49:38 +08:00
cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_resource_maps.cf
2019-07-08 13:56:41 +08:00
# Autogenerated by mailcow
2019-06-09 22:49:38 +08:00
user = ${ DBUSER }
password = ${ DBPASS }
hosts = unix:/var/run/mysqld/mysqld.sock
dbname = ${ DBNAME }
query = SELECT 'null@localhost' FROM mailbox
WHERE kind REGEXP 'location|thing|group' AND username = '%s' ;
EOF
2018-12-19 16:38:56 +08:00
cat <<EOF > /opt/postfix/conf/sql/mysql_sasl_passwd_maps_sender_dependent.cf
2019-07-08 13:56:41 +08:00
# Autogenerated by mailcow
2017-07-23 02:39:54 +08:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
hosts = unix:/var/run/mysqld/mysqld.sock
2017-07-23 02:39:54 +08:00
dbname = ${ DBNAME }
2017-10-11 17:22:48 +08:00
query = SELECT CONCAT_WS( ':' , username, password) AS auth_data FROM relayhosts
WHERE id IN (
SELECT relayhost FROM domain
WHERE CONCAT( '@' , domain) = '%s'
2019-03-09 18:22:39 +08:00
OR domain IN (
SELECT target_domain FROM alias_domain WHERE CONCAT( '@' , alias_domain) = '%s'
2017-12-18 00:45:12 +08:00
)
2017-12-25 17:18:46 +08:00
)
2018-12-19 16:38:56 +08:00
AND active = '1'
AND username != '' ;
2019-03-09 19:30:36 +08:00
EOF
2018-12-19 16:38:56 +08:00
cat <<EOF > /opt/postfix/conf/sql/mysql_sasl_passwd_maps_transport_maps.cf
2019-07-08 13:56:41 +08:00
# Autogenerated by mailcow
2018-12-19 16:38:56 +08:00
user = ${ DBUSER }
password = ${ DBPASS }
hosts = unix:/var/run/mysqld/mysqld.sock
dbname = ${ DBNAME }
query = SELECT CONCAT_WS( ':' , username, password) AS auth_data FROM transports
WHERE nexthop = '%s'
AND active = '1'
2018-12-25 22:02:50 +08:00
AND username != ''
LIMIT 1;
2017-03-06 17:33:44 +08:00
EOF
cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_alias_domain_maps.cf
2019-07-08 13:56:41 +08:00
# Autogenerated by mailcow
2017-03-06 17:33:44 +08:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
hosts = unix:/var/run/mysqld/mysqld.sock
2017-03-06 17:33:44 +08:00
dbname = ${ DBNAME }
2017-10-11 17:22:48 +08:00
query = SELECT username FROM mailbox, alias_domain
WHERE alias_domain.alias_domain = '%d'
AND mailbox.username = CONCAT( '%u' , '@' , alias_domain.target_domain)
2020-04-29 17:00:00 +08:00
AND ( mailbox.active = '1' OR mailbox.active = '2' )
2017-10-11 17:22:48 +08:00
AND alias_domain.active= '1'
2017-03-06 17:33:44 +08:00
EOF
cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_alias_maps.cf
2019-07-08 13:56:41 +08:00
# Autogenerated by mailcow
2017-03-06 17:33:44 +08:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
hosts = unix:/var/run/mysqld/mysqld.sock
2017-03-06 17:33:44 +08:00
dbname = ${ DBNAME }
2017-10-11 17:22:48 +08:00
query = SELECT goto FROM alias
WHERE address = '%s'
2020-06-06 07:12:31 +08:00
AND ( active = '1' OR active = '2' ) ;
2017-03-06 17:33:44 +08:00
EOF
2017-11-19 22:13:43 +08:00
cat <<EOF > /opt/postfix/conf/sql/mysql_recipient_bcc_maps.cf
2019-07-08 13:56:41 +08:00
# Autogenerated by mailcow
2017-11-19 22:13:43 +08:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
hosts = unix:/var/run/mysqld/mysqld.sock
2017-11-19 22:13:43 +08:00
dbname = ${ DBNAME }
query = SELECT bcc_dest FROM bcc_maps
WHERE local_dest = '%s'
AND type = 'rcpt'
AND active = '1' ;
EOF
cat <<EOF > /opt/postfix/conf/sql/mysql_sender_bcc_maps.cf
2019-07-08 13:56:41 +08:00
# Autogenerated by mailcow
2017-11-19 22:13:43 +08:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
hosts = unix:/var/run/mysqld/mysqld.sock
2017-11-19 22:13:43 +08:00
dbname = ${ DBNAME }
query = SELECT bcc_dest FROM bcc_maps
WHERE local_dest = '%s'
AND type = 'sender'
AND active = '1' ;
EOF
2018-01-24 02:59:06 +08:00
cat <<EOF > /opt/postfix/conf/sql/mysql_recipient_canonical_maps.cf
2019-07-08 13:56:41 +08:00
# Autogenerated by mailcow
2018-01-24 02:59:06 +08:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
hosts = unix:/var/run/mysqld/mysqld.sock
2018-01-24 02:59:06 +08:00
dbname = ${ DBNAME }
query = SELECT new_dest FROM recipient_maps
WHERE old_dest = '%s'
AND active = '1' ;
EOF
2017-03-06 17:33:44 +08:00
cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_domains_maps.cf
2019-07-08 13:56:41 +08:00
# Autogenerated by mailcow
2017-03-06 17:33:44 +08:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
hosts = unix:/var/run/mysqld/mysqld.sock
2017-03-06 17:33:44 +08:00
dbname = ${ DBNAME }
2017-10-11 17:22:48 +08:00
query = SELECT alias_domain from alias_domain WHERE alias_domain = '%s' AND active = '1'
UNION
SELECT domain FROM domain
WHERE domain = '%s'
AND active = '1'
AND backupmx = '0'
2017-03-06 17:33:44 +08:00
EOF
cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_mailbox_maps.cf
2019-07-08 13:56:41 +08:00
# Autogenerated by mailcow
2017-03-06 17:33:44 +08:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
hosts = unix:/var/run/mysqld/mysqld.sock
2017-03-06 17:33:44 +08:00
dbname = ${ DBNAME }
2020-09-18 01:47:11 +08:00
query = SELECT CONCAT( JSON_UNQUOTE( JSON_VALUE( attributes, '$.mailbox_format' ) ) , mailbox_path_prefix, '%d/%u/' ) FROM mailbox WHERE username = '%s' AND ( active = '1' OR active = '2' )
2017-03-06 17:33:44 +08:00
EOF
cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_relay_domain_maps.cf
2019-07-08 13:56:41 +08:00
# Autogenerated by mailcow
2017-03-06 17:33:44 +08:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
hosts = unix:/var/run/mysqld/mysqld.sock
2017-03-06 17:33:44 +08:00
dbname = ${ DBNAME }
query = SELECT domain FROM domain WHERE domain = '%s' AND backupmx = '1' AND active = '1'
EOF
cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_sender_acl.cf
2019-07-08 13:56:41 +08:00
# Autogenerated by mailcow
2017-03-06 17:33:44 +08:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
hosts = unix:/var/run/mysqld/mysqld.sock
2017-03-06 17:33:44 +08:00
dbname = ${ DBNAME }
2017-10-11 17:22:48 +08:00
# First select queries domain and alias_domain to determine if domains are active.
query = SELECT goto FROM alias
WHERE address = '%s'
AND active = '1'
AND ( domain IN
( SELECT domain FROM domain
WHERE domain = '%d'
AND active = '1' )
OR domain in (
SELECT alias_domain FROM alias_domain
WHERE alias_domain = '%d'
AND active = '1'
)
)
UNION
SELECT logged_in_as FROM sender_acl
WHERE send_as = '@%d'
OR send_as = '%s'
2018-08-02 18:15:04 +08:00
OR send_as = '*'
2017-10-11 17:22:48 +08:00
OR send_as IN (
SELECT CONCAT( '@' ,target_domain) FROM alias_domain
WHERE alias_domain = '%d' )
OR send_as IN (
SELECT CONCAT( '%u' ,'@' ,target_domain) FROM alias_domain
WHERE alias_domain = '%d' )
AND logged_in_as NOT IN (
SELECT goto FROM alias
WHERE address = '%s' )
UNION
SELECT username FROM mailbox, alias_domain
WHERE alias_domain.alias_domain = '%d'
AND mailbox.username = CONCAT( '%u' ,'@' ,alias_domain.target_domain)
2020-04-29 17:00:00 +08:00
AND ( mailbox.active = '1' OR mailbox.active = '2' )
2017-10-11 17:22:48 +08:00
AND alias_domain.active= '1'
2017-03-06 17:33:44 +08:00
EOF
2021-05-28 16:40:41 +08:00
# MX based routing
cat <<EOF > /opt/postfix/conf/sql/mysql_mbr_access_maps.cf
# Autogenerated by mailcow
user = ${ DBUSER }
password = ${ DBPASS }
hosts = unix:/var/run/mysqld/mysqld.sock
dbname = ${ DBNAME }
query = SELECT CONCAT( 'FILTER smtp_via_transport_maps:' , nexthop) as transport FROM transports
WHERE '%s' REGEXP destination
AND active = '1'
AND is_mx_based = '1' ;
EOF
2020-09-18 01:47:11 +08:00
# Reject sasl usernames with smtp disabled
cat <<EOF > /opt/postfix/conf/sql/mysql_sasl_access_maps.cf
# Autogenerated by mailcow
user = ${ DBUSER }
password = ${ DBPASS }
hosts = unix:/var/run/mysqld/mysqld.sock
dbname = ${ DBNAME }
query = SELECT 'REJECT' FROM mailbox WHERE username = '%u' AND JSON_UNQUOTE( JSON_VALUE( attributes, '$.smtp_access' ) ) = '0' ;
EOF
2017-03-06 17:33:44 +08:00
cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_spamalias_maps.cf
2019-07-08 13:56:41 +08:00
# Autogenerated by mailcow
2017-03-06 17:33:44 +08:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
hosts = unix:/var/run/mysqld/mysqld.sock
2017-03-06 17:33:44 +08:00
dbname = ${ DBNAME }
2017-10-11 17:22:48 +08:00
query = SELECT goto FROM spamalias
WHERE address = '%s'
AND validity >= UNIX_TIMESTAMP( )
2017-03-06 17:33:44 +08:00
EOF
2017-03-02 18:23:23 +08:00
2019-09-03 00:37:05 +08:00
sed -i '/User overrides/q' /opt/postfix/conf/main.cf
echo >> /opt/postfix/conf/main.cf
2020-12-09 21:41:19 +08:00
touch /opt/postfix/conf/extra.cf
sed -i '/myhostname/d' /opt/postfix/conf/extra.cf
echo -e " myhostname = ${ MAILCOW_HOSTNAME } \n $( cat /opt/postfix/conf/extra.cf) " > /opt/postfix/conf/extra.cf
cat /opt/postfix/conf/extra.cf >> /opt/postfix/conf/main.cf
2019-09-03 00:37:05 +08:00
2019-11-13 03:44:43 +08:00
if [ ! -f /opt/postfix/conf/custom_transport.pcre ] ; then
echo "Creating dummy custom_transport.pcre"
touch /opt/postfix/conf/custom_transport.pcre
fi
2020-02-06 15:28:48 +08:00
if [ [ ! -f /opt/postfix/conf/custom_postscreen_whitelist.cidr ] ] ; then
echo "Creating dummy custom_postscreen_whitelist.cidr"
2021-01-12 02:23:32 +08:00
cat <<EOF > /opt/postfix/conf/custom_postscreen_whitelist.cidr
# Autogenerated by mailcow
# Rules are evaluated in the order as specified.
# Blacklist 192.168.* except 192.168.0.1.
# 192.168.0.1 permit
# 192.168.0.0/16 reject
EOF
2020-02-06 15:28:48 +08:00
fi
2020-09-28 22:23:49 +08:00
# Fix SMTP last login on slaves
sed -i " s/__REDIS_SLAVEOF_IP__/ ${ REDIS_SLAVEOF_IP } /g " /usr/local/bin/smtpd_last_login.sh
2017-04-06 04:19:41 +08:00
# Fix Postfix permissions
2019-11-13 03:44:43 +08:00
chown -R root:postfix /opt/postfix/conf/sql/ /opt/postfix/conf/custom_transport.pcre
chmod 640 /opt/postfix/conf/sql/*.cf /opt/postfix/conf/custom_transport.pcre
2017-04-06 04:19:41 +08:00
chgrp -R postdrop /var/spool/postfix/public
chgrp -R postdrop /var/spool/postfix/maildrop
postfix set-permissions
2017-04-09 05:36:46 +08:00
# Check Postfix configuration
2019-09-03 00:37:05 +08:00
postconf -c /opt/postfix/conf > /dev/null
2017-04-09 05:36:46 +08:00
2017-03-02 18:23:23 +08:00
if [ [ $? != 0 ] ] ; then
2017-10-11 17:22:48 +08:00
echo "Postfix configuration error, refusing to start."
exit 1
2017-03-02 18:23:23 +08:00
else
2017-10-11 17:22:48 +08:00
postfix -c /opt/postfix/conf start
sleep 126144000
2017-03-02 18:23:23 +08:00
fi