paxton
/
mailcow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Postfix] Merge syslog filters 

[Postfix] Create sasl_access map; Use JSON_VALUE and remove unnecessary like command
master
andryyy 2020-09-17 19:47:11 +02:00
parent 09ec4fcd81
commit 85b027aa9d
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
3 changed files with 29 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
data/Dockerfiles/postfix/postfix.sh
View File

@ -97,7 +97,7 @@ query = SELECT IF(EXISTS(
SELECT CONCAT('%u', '@', target_domain) FROM alias_domain SELECT CONCAT('%u', '@', target_domain) FROM alias_domain
WHERE alias_domain='%d' WHERE alias_domain='%d'
) )
) AND json_extract(attributes, '$.tls_enforce_in') LIKE '%%1%%' AND mailbox.active = '1' ) AND JSON_UNQUOTE(JSON_VALUE(attributes, '$.tls_enforce_in')) = '1' AND mailbox.active = '1'
), 'reject_plaintext_session', NULL) AS 'tls_enforce_in'; ), 'reject_plaintext_session', NULL) AS 'tls_enforce_in';
EOF EOF
@ -117,7 +117,7 @@ query = SELECT GROUP_CONCAT(transport SEPARATOR '') AS transport_maps
WHERE alias_domain = '%d' WHERE alias_domain = '%d'
) )
) )
AND json_extract(attributes, '$.tls_enforce_out') LIKE '%%1%%' AND JSON_UNQUOTE(JSON_VALUE(attributes, '$.tls_enforce_out')) = '1'
AND mailbox.active = '1' AND mailbox.active = '1'
), 'smtp_enforced_tls:', 'smtp:') AS 'transport' ), 'smtp_enforced_tls:', 'smtp:') AS 'transport'
UNION ALL UNION ALL
@ -264,7 +264,7 @@ user = ${DBUSER}
password = ${DBPASS} password = ${DBPASS}
hosts = unix:/var/run/mysqld/mysqld.sock hosts = unix:/var/run/mysqld/mysqld.sock
dbname = ${DBNAME} dbname = ${DBNAME}
query = SELECT CONCAT(JSON_UNQUOTE(JSON_EXTRACT(attributes, '$.mailbox_format')), mailbox_path_prefix, '%d/%u/') FROM mailbox WHERE username='%s' AND (active = '1' OR active = '2') query = SELECT CONCAT(JSON_UNQUOTE(JSON_VALUE(attributes, '$.mailbox_format')), mailbox_path_prefix, '%d/%u/') FROM mailbox WHERE username='%s' AND (active = '1' OR active = '2')
EOF EOF
cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_relay_domain_maps.cf cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_relay_domain_maps.cf
@ -318,6 +318,16 @@ query = SELECT goto FROM alias
AND alias_domain.active='1' AND alias_domain.active='1'
EOF EOF
# Reject sasl usernames with smtp disabled
cat <<EOF > /opt/postfix/conf/sql/mysql_sasl_access_maps.cf
# Autogenerated by mailcow
user = ${DBUSER}
password = ${DBPASS}
hosts = unix:/var/run/mysqld/mysqld.sock
dbname = ${DBNAME}
query = SELECT 'REJECT' FROM mailbox WHERE username = '%u' AND JSON_UNQUOTE(JSON_VALUE(attributes, '$.smtp_access')) = '0';
EOF
cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_spamalias_maps.cf cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_spamalias_maps.cf
# Autogenerated by mailcow # Autogenerated by mailcow
user = ${DBUSER} user = ${DBUSER}

14
data/Dockerfiles/postfix/syslog-ng-redis_slave.conf
View File

@ -35,15 +35,17 @@ filter f_mail { facility(mail); };
# start # start
# overriding warnings are still displayed when the entrypoint runs its initial check # overriding warnings are still displayed when the entrypoint runs its initial check
# warnings logged by postfix-mailcow to syslog are hidden to reduce repeating msgs # warnings logged by postfix-mailcow to syslog are hidden to reduce repeating msgs
filter f_overrides { not match("overriding earlier entry" value("MESSAGE")); }; # Some other warnings are ignored
filter f_ignore {
not match("overriding earlier entry" value("MESSAGE"));
not match("TLS SNI from checks.mailcow.email" value("MESSAGE"));
not match("no SASL support" value("MESSAGE"));
not facility (local0, local1, local2, local3, local4, local5, local6, local7);
};
# end # end
filter f_skip_local { not facility (local0, local1, local2, local3, local4, local5, local6, local7); };
filter f_checks { not match("TLS SNI from checks.mailcow.email" value("MESSAGE")); };
log { log {
source(s_src); source(s_src);
filter(f_skip_local); filter(f_ignore);
filter(f_overrides);
filter(f_checks);
destination(d_stdout); destination(d_stdout);
filter(f_mail); filter(f_mail);
destination(d_redis_ui_log); destination(d_redis_ui_log);

14
data/Dockerfiles/postfix/syslog-ng.conf
View File

@ -35,15 +35,17 @@ filter f_mail { facility(mail); };
# start # start
# overriding warnings are still displayed when the entrypoint runs its initial check # overriding warnings are still displayed when the entrypoint runs its initial check
# warnings logged by postfix-mailcow to syslog are hidden to reduce repeating msgs # warnings logged by postfix-mailcow to syslog are hidden to reduce repeating msgs
filter f_overrides { not match("overriding earlier entry" value("MESSAGE")); }; # Some other warnings are ignored
filter f_ignore {
not match("overriding earlier entry" value("MESSAGE"));
not match("TLS SNI from checks.mailcow.email" value("MESSAGE"));
not match("no SASL support" value("MESSAGE"));
not facility (local0, local1, local2, local3, local4, local5, local6, local7);
};
# end # end
filter f_skip_local { not facility (local0, local1, local2, local3, local4, local5, local6, local7); };
filter f_checks { not match("TLS SNI from checks.mailcow.email" value("MESSAGE")); };
log { log {
source(s_src); source(s_src);
filter(f_skip_local); filter(f_ignore);
filter(f_overrides);
filter(f_checks);
destination(d_stdout); destination(d_stdout);
filter(f_mail); filter(f_mail);
destination(d_redis_ui_log); destination(d_redis_ui_log);