2017-03-02 11:23:23 +01:00
#!/bin/bash
trap "postfix stop" EXIT
2017-03-06 10:33:44 +01:00
[ [ ! -d /opt/postfix/conf/sql/ ] ] && mkdir -p /opt/postfix/conf/sql/
2018-07-25 01:05:51 +02:00
2019-08-09 14:08:58 +02:00
# Wait for MySQL to warm-up
while ! mysqladmin status --socket= /var/run/mysqld/mysqld.sock -u${ DBUSER } -p${ DBPASS } --silent; do
echo "Waiting for database to come up..."
sleep 2
done
2021-04-01 15:24:55 +02:00
until dig +short mailcow.email > /dev/null; do
2019-11-26 21:09:12 +01:00
echo "Waiting for DNS..."
2020-07-11 13:31:48 +02:00
sleep 1
2019-11-26 21:09:12 +01:00
done
2018-07-29 00:35:54 +02:00
cat <<EOF > /etc/aliases
2019-07-08 07:56:41 +02:00
# Autogenerated by mailcow
2018-07-29 00:35:54 +02:00
null: /dev/null
2019-09-04 23:06:29 +02:00
watchdog: /dev/null
2018-07-29 00:35:54 +02:00
ham: "|/usr/local/bin/rspamd-pipe-ham"
spam: "|/usr/local/bin/rspamd-pipe-spam"
EOF
2018-07-25 01:05:51 +02:00
newaliases;
2017-03-06 10:33:44 +01:00
2019-10-19 12:48:56 +02:00
# create sni configuration
2021-01-08 12:39:40 +01:00
if [ [ " ${ SKIP_LETS_ENCRYPT } " = ~ ^( [ yY] [ eE] [ sS] | [ yY] ) +$ ] ] ; then
echo -n "" > /opt/postfix/conf/sni.map
else
echo -n "" > /opt/postfix/conf/sni.map;
for cert_dir in /etc/ssl/mail/*/ ; do
if [ [ ! -f ${ cert_dir } domains ] ] || [ [ ! -f ${ cert_dir } cert.pem ] ] || [ [ ! -f ${ cert_dir } key.pem ] ] ; then
continue ;
fi
IFS = " " read -r -a domains <<< " $( cat " ${ cert_dir } domains " ) "
for domain in " ${ domains [@] } " ; do
echo -n " ${ domain } ${ cert_dir } key.pem ${ cert_dir } cert.pem " >> /opt/postfix/conf/sni.map;
echo "" >> /opt/postfix/conf/sni.map;
done
2019-10-19 12:48:56 +02:00
done
2021-01-08 12:39:40 +01:00
fi
2019-10-19 12:48:56 +02:00
postmap -F hash:/opt/postfix/conf/sni.map;
2020-04-03 20:39:53 +02:00
cat <<EOF > /opt/postfix/conf/sql/mysql_relay_ne.cf
# Autogenerated by mailcow
user = ${ DBUSER }
password = ${ DBPASS }
hosts = unix:/var/run/mysqld/mysqld.sock
dbname = ${ DBNAME }
query = SELECT IF( EXISTS( SELECT address, domain FROM alias
WHERE address = '%s'
AND domain IN (
SELECT domain FROM domain
WHERE backupmx = '1'
AND relay_all_recipients = '1'
AND relay_unknown_only = '1' )
) , 'lmtp:inet:dovecot:24' , NULL) AS 'transport'
EOF
2017-03-06 10:33:44 +01:00
cat <<EOF > /opt/postfix/conf/sql/mysql_relay_recipient_maps.cf
2019-07-08 07:56:41 +02:00
# Autogenerated by mailcow
2017-03-06 10:33:44 +01:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-29 22:01:23 +02:00
hosts = unix:/var/run/mysqld/mysqld.sock
2017-03-06 10:33:44 +01:00
dbname = ${ DBNAME }
2017-10-11 11:22:48 +02:00
query = SELECT DISTINCT
CASE WHEN '%d' IN (
SELECT domain FROM domain
WHERE relay_all_recipients = 1
AND domain = '%d'
AND backupmx = 1
)
THEN '%s' ELSE (
SELECT goto FROM alias WHERE address = '%s' AND active = '1'
)
END AS result;
2017-03-06 10:33:44 +01:00
EOF
2018-10-04 14:34:53 +02:00
cat <<EOF > /opt/postfix/conf/sql/mysql_tls_policy_override_maps.cf
2019-07-08 07:56:41 +02:00
# Autogenerated by mailcow
2018-10-04 14:34:53 +02:00
user = ${ DBUSER }
password = ${ DBPASS }
hosts = unix:/var/run/mysqld/mysqld.sock
dbname = ${ DBNAME }
query = SELECT CONCAT( policy, ' ' , parameters) AS tls_policy FROM tls_policy_override WHERE active = '1' AND dest = '%s'
EOF
2017-03-06 10:33:44 +01:00
cat <<EOF > /opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf
2019-07-08 07:56:41 +02:00
# Autogenerated by mailcow
2017-03-06 10:33:44 +01:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-29 22:01:23 +02:00
hosts = unix:/var/run/mysqld/mysqld.sock
2017-03-06 10:33:44 +01:00
dbname = ${ DBNAME }
2017-10-11 11:22:48 +02:00
query = SELECT IF( EXISTS(
SELECT 'TLS_ACTIVE' FROM alias
LEFT OUTER JOIN mailbox ON mailbox.username = alias.goto
WHERE ( address = '%s'
OR address IN (
SELECT CONCAT( '%u' , '@' , target_domain) FROM alias_domain
WHERE alias_domain = '%d'
)
2020-09-17 19:47:11 +02:00
) AND JSON_UNQUOTE( JSON_VALUE( attributes, '$.tls_enforce_in' ) ) = '1' AND mailbox.active = '1'
2017-10-11 11:22:48 +02:00
) , 'reject_plaintext_session' , NULL) AS 'tls_enforce_in' ;
2017-03-06 10:33:44 +01:00
EOF
2017-07-22 20:39:54 +02:00
cat <<EOF > /opt/postfix/conf/sql/mysql_sender_dependent_default_transport_maps.cf
2019-07-08 07:56:41 +02:00
# Autogenerated by mailcow
2017-03-06 10:33:44 +01:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-29 22:01:23 +02:00
hosts = unix:/var/run/mysqld/mysqld.sock
2017-03-06 10:33:44 +01:00
dbname = ${ DBNAME }
2017-07-22 20:39:54 +02:00
query = SELECT GROUP_CONCAT( transport SEPARATOR '' ) AS transport_maps
FROM (
2017-10-11 11:22:48 +02:00
SELECT IF( EXISTS( SELECT 'smtp_type' FROM alias
LEFT OUTER JOIN mailbox ON mailbox.username = alias.goto
WHERE ( address = '%s'
OR address IN (
SELECT CONCAT( '%u' , '@' , target_domain) FROM alias_domain
WHERE alias_domain = '%d'
)
)
2020-09-17 19:47:11 +02:00
AND JSON_UNQUOTE( JSON_VALUE( attributes, '$.tls_enforce_out' ) ) = '1'
2017-10-11 11:22:48 +02:00
AND mailbox.active = '1'
) , 'smtp_enforced_tls:' , 'smtp:' ) AS 'transport'
2017-07-22 20:39:54 +02:00
UNION ALL
2021-05-26 14:02:27 +02:00
SELECT COALESCE(
( SELECT hostname FROM relayhosts
LEFT OUTER JOIN mailbox ON JSON_UNQUOTE( JSON_VALUE( mailbox.attributes, '$.relayhost' ) ) = relayhosts.id
WHERE relayhosts.active = '1'
AND (
mailbox.username IN ( SELECT alias.goto from alias
JOIN mailbox ON mailbox.username = alias.goto
WHERE alias.active = '1'
AND alias.address = '%s'
AND alias.address NOT LIKE '@%%'
)
)
) ,
( SELECT hostname FROM relayhosts
2017-10-11 11:22:48 +02:00
LEFT OUTER JOIN domain ON domain.relayhost = relayhosts.id
WHERE relayhosts.active = '1'
2021-05-26 14:02:27 +02:00
AND ( domain.domain = '%d'
OR domain.domain IN (
SELECT target_domain FROM alias_domain
WHERE alias_domain = '%d'
)
2017-10-11 11:22:48 +02:00
)
2021-05-26 14:02:27 +02:00
)
)
) AS transport_view;
2017-07-22 20:39:54 +02:00
EOF
2018-12-19 09:38:56 +01:00
cat <<EOF > /opt/postfix/conf/sql/mysql_transport_maps.cf
2019-07-08 07:56:41 +02:00
# Autogenerated by mailcow
2018-12-19 09:38:56 +01:00
user = ${ DBUSER }
password = ${ DBPASS }
hosts = unix:/var/run/mysqld/mysqld.sock
dbname = ${ DBNAME }
query = SELECT CONCAT( 'smtp_via_transport_maps:' , nexthop) AS transport FROM transports
WHERE active = '1'
AND destination = '%s' ;
EOF
2019-06-09 16:49:38 +02:00
cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_resource_maps.cf
2019-07-08 07:56:41 +02:00
# Autogenerated by mailcow
2019-06-09 16:49:38 +02:00
user = ${ DBUSER }
password = ${ DBPASS }
hosts = unix:/var/run/mysqld/mysqld.sock
dbname = ${ DBNAME }
query = SELECT 'null@localhost' FROM mailbox
WHERE kind REGEXP 'location|thing|group' AND username = '%s' ;
EOF
2018-12-19 09:38:56 +01:00
cat <<EOF > /opt/postfix/conf/sql/mysql_sasl_passwd_maps_sender_dependent.cf
2019-07-08 07:56:41 +02:00
# Autogenerated by mailcow
2017-07-22 20:39:54 +02:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-29 22:01:23 +02:00
hosts = unix:/var/run/mysqld/mysqld.sock
2017-07-22 20:39:54 +02:00
dbname = ${ DBNAME }
2017-10-11 11:22:48 +02:00
query = SELECT CONCAT_WS( ':' , username, password) AS auth_data FROM relayhosts
WHERE id IN (
SELECT relayhost FROM domain
WHERE CONCAT( '@' , domain) = '%s'
2019-03-09 11:22:39 +01:00
OR domain IN (
SELECT target_domain FROM alias_domain WHERE CONCAT( '@' , alias_domain) = '%s'
2017-12-17 17:45:12 +01:00
)
2017-12-25 10:18:46 +01:00
)
2018-12-19 09:38:56 +01:00
AND active = '1'
AND username != '' ;
2019-03-09 12:30:36 +01:00
EOF
2018-12-19 09:38:56 +01:00
cat <<EOF > /opt/postfix/conf/sql/mysql_sasl_passwd_maps_transport_maps.cf
2019-07-08 07:56:41 +02:00
# Autogenerated by mailcow
2018-12-19 09:38:56 +01:00
user = ${ DBUSER }
password = ${ DBPASS }
hosts = unix:/var/run/mysqld/mysqld.sock
dbname = ${ DBNAME }
query = SELECT CONCAT_WS( ':' , username, password) AS auth_data FROM transports
WHERE nexthop = '%s'
AND active = '1'
2018-12-25 15:02:50 +01:00
AND username != ''
LIMIT 1;
2017-03-06 10:33:44 +01:00
EOF
cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_alias_domain_maps.cf
2019-07-08 07:56:41 +02:00
# Autogenerated by mailcow
2017-03-06 10:33:44 +01:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-29 22:01:23 +02:00
hosts = unix:/var/run/mysqld/mysqld.sock
2017-03-06 10:33:44 +01:00
dbname = ${ DBNAME }
2017-10-11 11:22:48 +02:00
query = SELECT username FROM mailbox, alias_domain
WHERE alias_domain.alias_domain = '%d'
AND mailbox.username = CONCAT( '%u' , '@' , alias_domain.target_domain)
2020-04-29 11:00:00 +02:00
AND ( mailbox.active = '1' OR mailbox.active = '2' )
2017-10-11 11:22:48 +02:00
AND alias_domain.active= '1'
2017-03-06 10:33:44 +01:00
EOF
cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_alias_maps.cf
2019-07-08 07:56:41 +02:00
# Autogenerated by mailcow
2017-03-06 10:33:44 +01:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-29 22:01:23 +02:00
hosts = unix:/var/run/mysqld/mysqld.sock
2017-03-06 10:33:44 +01:00
dbname = ${ DBNAME }
2017-10-11 11:22:48 +02:00
query = SELECT goto FROM alias
WHERE address = '%s'
2020-06-06 01:12:31 +02:00
AND ( active = '1' OR active = '2' ) ;
2017-03-06 10:33:44 +01:00
EOF
2017-11-19 15:13:43 +01:00
cat <<EOF > /opt/postfix/conf/sql/mysql_recipient_bcc_maps.cf
2019-07-08 07:56:41 +02:00
# Autogenerated by mailcow
2017-11-19 15:13:43 +01:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-29 22:01:23 +02:00
hosts = unix:/var/run/mysqld/mysqld.sock
2017-11-19 15:13:43 +01:00
dbname = ${ DBNAME }
query = SELECT bcc_dest FROM bcc_maps
WHERE local_dest = '%s'
AND type = 'rcpt'
AND active = '1' ;
EOF
cat <<EOF > /opt/postfix/conf/sql/mysql_sender_bcc_maps.cf
2019-07-08 07:56:41 +02:00
# Autogenerated by mailcow
2017-11-19 15:13:43 +01:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-29 22:01:23 +02:00
hosts = unix:/var/run/mysqld/mysqld.sock
2017-11-19 15:13:43 +01:00
dbname = ${ DBNAME }
query = SELECT bcc_dest FROM bcc_maps
WHERE local_dest = '%s'
AND type = 'sender'
AND active = '1' ;
EOF
2018-01-23 19:59:06 +01:00
cat <<EOF > /opt/postfix/conf/sql/mysql_recipient_canonical_maps.cf
2019-07-08 07:56:41 +02:00
# Autogenerated by mailcow
2018-01-23 19:59:06 +01:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-29 22:01:23 +02:00
hosts = unix:/var/run/mysqld/mysqld.sock
2018-01-23 19:59:06 +01:00
dbname = ${ DBNAME }
query = SELECT new_dest FROM recipient_maps
WHERE old_dest = '%s'
AND active = '1' ;
EOF
2017-03-06 10:33:44 +01:00
cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_domains_maps.cf
2019-07-08 07:56:41 +02:00
# Autogenerated by mailcow
2017-03-06 10:33:44 +01:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-29 22:01:23 +02:00
hosts = unix:/var/run/mysqld/mysqld.sock
2017-03-06 10:33:44 +01:00
dbname = ${ DBNAME }
2017-10-11 11:22:48 +02:00
query = SELECT alias_domain from alias_domain WHERE alias_domain = '%s' AND active = '1'
UNION
SELECT domain FROM domain
WHERE domain = '%s'
AND active = '1'
AND backupmx = '0'
2017-03-06 10:33:44 +01:00
EOF
cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_mailbox_maps.cf
2019-07-08 07:56:41 +02:00
# Autogenerated by mailcow
2017-03-06 10:33:44 +01:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-29 22:01:23 +02:00
hosts = unix:/var/run/mysqld/mysqld.sock
2017-03-06 10:33:44 +01:00
dbname = ${ DBNAME }
2020-09-17 19:47:11 +02:00
query = SELECT CONCAT( JSON_UNQUOTE( JSON_VALUE( attributes, '$.mailbox_format' ) ) , mailbox_path_prefix, '%d/%u/' ) FROM mailbox WHERE username = '%s' AND ( active = '1' OR active = '2' )
2017-03-06 10:33:44 +01:00
EOF
cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_relay_domain_maps.cf
2019-07-08 07:56:41 +02:00
# Autogenerated by mailcow
2017-03-06 10:33:44 +01:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-29 22:01:23 +02:00
hosts = unix:/var/run/mysqld/mysqld.sock
2017-03-06 10:33:44 +01:00
dbname = ${ DBNAME }
query = SELECT domain FROM domain WHERE domain = '%s' AND backupmx = '1' AND active = '1'
EOF
cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_sender_acl.cf
2019-07-08 07:56:41 +02:00
# Autogenerated by mailcow
2017-03-06 10:33:44 +01:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-29 22:01:23 +02:00
hosts = unix:/var/run/mysqld/mysqld.sock
2017-03-06 10:33:44 +01:00
dbname = ${ DBNAME }
2017-10-11 11:22:48 +02:00
# First select queries domain and alias_domain to determine if domains are active.
query = SELECT goto FROM alias
WHERE address = '%s'
AND active = '1'
AND ( domain IN
( SELECT domain FROM domain
WHERE domain = '%d'
AND active = '1' )
OR domain in (
SELECT alias_domain FROM alias_domain
WHERE alias_domain = '%d'
AND active = '1'
)
)
UNION
SELECT logged_in_as FROM sender_acl
WHERE send_as = '@%d'
OR send_as = '%s'
2018-08-02 12:15:04 +02:00
OR send_as = '*'
2017-10-11 11:22:48 +02:00
OR send_as IN (
SELECT CONCAT( '@' ,target_domain) FROM alias_domain
WHERE alias_domain = '%d' )
OR send_as IN (
SELECT CONCAT( '%u' ,'@' ,target_domain) FROM alias_domain
WHERE alias_domain = '%d' )
AND logged_in_as NOT IN (
SELECT goto FROM alias
WHERE address = '%s' )
UNION
SELECT username FROM mailbox, alias_domain
WHERE alias_domain.alias_domain = '%d'
AND mailbox.username = CONCAT( '%u' ,'@' ,alias_domain.target_domain)
2020-04-29 11:00:00 +02:00
AND ( mailbox.active = '1' OR mailbox.active = '2' )
2017-10-11 11:22:48 +02:00
AND alias_domain.active= '1'
2017-03-06 10:33:44 +01:00
EOF
2021-05-28 10:40:41 +02:00
# MX based routing
cat <<EOF > /opt/postfix/conf/sql/mysql_mbr_access_maps.cf
# Autogenerated by mailcow
user = ${ DBUSER }
password = ${ DBPASS }
hosts = unix:/var/run/mysqld/mysqld.sock
dbname = ${ DBNAME }
query = SELECT CONCAT( 'FILTER smtp_via_transport_maps:' , nexthop) as transport FROM transports
WHERE '%s' REGEXP destination
AND active = '1'
AND is_mx_based = '1' ;
EOF
2020-09-17 19:47:11 +02:00
# Reject sasl usernames with smtp disabled
cat <<EOF > /opt/postfix/conf/sql/mysql_sasl_access_maps.cf
# Autogenerated by mailcow
user = ${ DBUSER }
password = ${ DBPASS }
hosts = unix:/var/run/mysqld/mysqld.sock
dbname = ${ DBNAME }
query = SELECT 'REJECT' FROM mailbox WHERE username = '%u' AND JSON_UNQUOTE( JSON_VALUE( attributes, '$.smtp_access' ) ) = '0' ;
EOF
2017-03-06 10:33:44 +01:00
cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_spamalias_maps.cf
2019-07-08 07:56:41 +02:00
# Autogenerated by mailcow
2017-03-06 10:33:44 +01:00
user = ${ DBUSER }
password = ${ DBPASS }
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-29 22:01:23 +02:00
hosts = unix:/var/run/mysqld/mysqld.sock
2017-03-06 10:33:44 +01:00
dbname = ${ DBNAME }
2017-10-11 11:22:48 +02:00
query = SELECT goto FROM spamalias
WHERE address = '%s'
AND validity >= UNIX_TIMESTAMP( )
2017-03-06 10:33:44 +01:00
EOF
2017-03-02 11:23:23 +01:00
2019-09-02 18:37:05 +02:00
sed -i '/User overrides/q' /opt/postfix/conf/main.cf
echo >> /opt/postfix/conf/main.cf
2020-12-09 14:41:19 +01:00
touch /opt/postfix/conf/extra.cf
sed -i '/myhostname/d' /opt/postfix/conf/extra.cf
echo -e " myhostname = ${ MAILCOW_HOSTNAME } \n $( cat /opt/postfix/conf/extra.cf) " > /opt/postfix/conf/extra.cf
cat /opt/postfix/conf/extra.cf >> /opt/postfix/conf/main.cf
2019-09-02 18:37:05 +02:00
2019-11-12 20:44:43 +01:00
if [ ! -f /opt/postfix/conf/custom_transport.pcre ] ; then
echo "Creating dummy custom_transport.pcre"
touch /opt/postfix/conf/custom_transport.pcre
fi
2020-02-06 08:28:48 +01:00
if [ [ ! -f /opt/postfix/conf/custom_postscreen_whitelist.cidr ] ] ; then
echo "Creating dummy custom_postscreen_whitelist.cidr"
2021-01-11 19:23:32 +01:00
cat <<EOF > /opt/postfix/conf/custom_postscreen_whitelist.cidr
# Autogenerated by mailcow
# Rules are evaluated in the order as specified.
# Blacklist 192.168.* except 192.168.0.1.
# 192.168.0.1 permit
# 192.168.0.0/16 reject
EOF
2020-02-06 08:28:48 +01:00
fi
2017-04-05 22:19:41 +02:00
# Fix Postfix permissions
2019-11-12 20:44:43 +01:00
chown -R root:postfix /opt/postfix/conf/sql/ /opt/postfix/conf/custom_transport.pcre
chmod 640 /opt/postfix/conf/sql/*.cf /opt/postfix/conf/custom_transport.pcre
2017-04-05 22:19:41 +02:00
chgrp -R postdrop /var/spool/postfix/public
chgrp -R postdrop /var/spool/postfix/maildrop
postfix set-permissions
2017-04-08 23:36:46 +02:00
# Check Postfix configuration
2019-09-02 18:37:05 +02:00
postconf -c /opt/postfix/conf > /dev/null
2017-04-08 23:36:46 +02:00
2017-03-02 11:23:23 +01:00
if [ [ $? != 0 ] ] ; then
2017-10-11 11:22:48 +02:00
echo "Postfix configuration error, refusing to start."
exit 1
2017-03-02 11:23:23 +01:00
else
2017-10-11 11:22:48 +02:00
postfix -c /opt/postfix/conf start
sleep 126144000
2017-03-02 11:23:23 +01:00
fi