From 7273fcaafcf7719699d394da708b8d0e1911aaed Mon Sep 17 00:00:00 2001 From: chaosbunker Date: Tue, 18 Apr 2017 18:42:20 +0200 Subject: [PATCH] ported from mailcow 0.14 to work with mailcow-dockerized --- data/misc/mailcow-setup-relayhost.sh | 87 ++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100755 data/misc/mailcow-setup-relayhost.sh diff --git a/data/misc/mailcow-setup-relayhost.sh b/data/misc/mailcow-setup-relayhost.sh new file mode 100755 index 00000000..ab721ab4 --- /dev/null +++ b/data/misc/mailcow-setup-relayhost.sh @@ -0,0 +1,87 @@ +#!/bin/bash + +# Postfix smtp_tls_security_level should be set to "may" to try an +# encrypted connection. + +if [ "$EUID" -ne 0 ] + then echo "Please run as root" + exit 1 +fi + +# move into mailcow-dockerized base directory +cd ../../ + +if [[ ${1} == "reset" ]]; then + # Reset modified values to their defaults + sed -i "s/^relayhost\ \=.*/relayhost\ \=/" data/conf/postfix/main.cf + sed -i "s/^smtp\_sasl\_password\_maps.*/smtp\_sasl\_password\_maps\ \=/" data/conf/postfix/main.cf + sed -i "s/^smtp\_sasl\_security\_options.*/smtp\_sasl\_security\_options\ \=\ noplaintext\,\ noanonymous/" data/conf/postfix/main.cf + sed -i "s/^smtp\_sasl\_auth\_enable.*/smtp\_sasl\_auth\_enable\ \=\ no/" data/conf/postfix/main.cf + # Also delete the plaintext password file + rm -f data/conf/postfix/smarthost_passwd* + docker-compose exec postfix-mailcow postfix reload + # Exit last exit code + exit $? +elif [[ ${1} == "restore-string" ]]; then + # Set parameter value of smtp_sasl_password_maps + SMTPSASLPWDMAP="data/conf/postfix/smarthost_passwd" + # Get parameter value of relayhost + RELAYHOSTCFG=$(grep "relayhost\ =" data/conf/postfix/main.cf | awk '{print $3}') + # Exit if empty/unset + [[ -z ${RELAYHOSTCFG} ]] && exit 0 + # Replace ':' by ' ' (white space) + RELAYHOSTCFG=${RELAYHOSTCFG//\:/ } + # Replace '[' by '' (empty) + RELAYHOSTCFG=${RELAYHOSTCFG//\[/} + # Replace ']' by '' (empty) and create array of result + RELAYHOSTCFGARR=(${RELAYHOSTCFG//\]/}) + # Get 'username:password' from SASL password maps + # Grep relayhost without port and '[', ']' or ':' from SASL password map file without map type (e.g. 'hash:') + USRPWD=$(grep ${RELAYHOSTCFGARR[0]} $SMTPSASLPWDMAP | awk {'print $2'}) + # Replace ':' by ' ' and create array of result + USRPWDARR=(${USRPWD//:/ }) + # Echo script name, all values in RELAYHOSTCFGARR, first and second value in USRPWDARR + # Why? + # Host and port are required, so we can print the whole array RELAYHOSTCFGARR. + # Password might be empty, so we print them separately. + echo ${0} ${RELAYHOSTCFGARR[@]} \'${USRPWDARR[0]}\' \'${USRPWDARR[1]}\' + exit 0 +elif [[ -z ${1} ]] || [[ -z ${2} ]]; then + # Exit with code 1 if host and port are missing + echo "Usage: ${0} relayhost port (username) (password)" + echo "Username and password are optional parameters." + exit 1 +else + # Try a simple connection to host:port but don't recieve any data + # Abort after 3 seconds + if ! nc -z -v -w3 ${1} ${2} 2>/dev/null; then + echo "Connection to relayhost ${1} failed, aborting..." + exit 1 + fi + # Use exact hostname as relayhost, don't lookup the MX record of relayhost + sed -i "s/relayhost\ \=.*/relayhost\ \=\ \[${1}\]\:${2}/" data/conf/postfix/main.cf + if grep -q "smtp_sasl_password_maps" data/conf/postfix/main.cf + then + sed -i "s/^smtp\_sasl\_password\_maps.*/smtp_sasl\_password\_maps\ \=\ hash\:\/opt\/postfix\/conf\/smarthost\_passwd/" data/conf/postfix/main.cf + else + echo "smtp_sasl_password_maps = hash:/opt/postfix/conf/smarthost_passwd" >> data/conf/postfix/main.cf + fi + if grep -q "smtp_sasl_auth_enable" data/conf/postfix/main.cf + then + sed -i "s/^smtp\_sasl\_auth\_enable.*/smtp\_sasl\_auth\_enable\ \=\ yes/" data/conf/postfix/main.cf + else + echo "smtp_sasl_auth_enable = yes" >> data/conf/postfix/main.cf + fi + docker-compose exec postfix-mailcow postconf -e "smtp_sasl_password_maps = hash:/opt/postfix/conf/smarthost_passwd" + # We can use anonymous and plain-text authentication, too (be warned) + docker-compose exec postfix-mailcow postconf -e "smtp_sasl_security_options = " + docker-compose exec postfix-mailcow postconf -e "smtp_sasl_auth_enable = yes" + if [[ ! -z ${3} ]]; then + echo ${1} ${3}:${4} > data/conf/postfix/smarthost_passwd + docker-compose exec postfix-mailcow postmap /opt/postfix/conf/smarthost_passwd + fi + docker-compose exec postfix-mailcow chown root:postfix /opt/postfix/conf/smarthost_passwd /opt/postfix/conf/smarthost_passwd.db + docker-compose exec postfix-mailcow chmod 660 /opt/postfix/conf/smarthost_passwd /opt/postfix/conf/smarthost_passwd.db + docker-compose exec postfix-mailcow postfix reload + exit $? +fi