Browse Source

mailserver: add VERP marking of outgoing an unmarking of incoming mails

master
iburadempa 2 years ago
parent
commit
b0bc240ee5
  1. 3
      mail_system.yml
  2. 27
      mail_system/tasks/database.yml
  3. 2
      mail_system/tasks/postfix.yml
  4. 10
      mail_system/templates/postfix/main.cf
  5. 10
      mail_system/templates/postfix/recipient_canonical_maps.cf
  6. 21
      mail_system/templates/postfix/sender_canonical_maps.cf

3
mail_system.yml

@ -27,9 +27,12 @@
# overwrite_config: no
# reject_sender_login_mismatch: yes
# mynetworks: "10.0.0.0/24 [2a01:XXXX:XXXX:XXXX::]/64"
# verp_marker: rstxyz
# dovecot:
# auth_default_realm: mymaindomain.org
#
# Take care thate the verp_marker only contains [a-z0-9]+ (NO UPPER CASE LETTERS!).
#
# (Use ansible-vault encrypt_string zo encrypt the password.)
#
# TODOs after running this playbook:

27
mail_system/tasks/database.yml

@ -131,3 +131,30 @@
table: shared_folders_anyone
columns: from_user
idxname: shared_folders__from
- name: database table mail_from
postgresql_table:
login_host: "{{ mailserver.postgresql.host }}"
port: "{{ mailserver.postgresql.port }}"
login_user: "{{ mailserver.postgresql.username }}"
login_password: "{{ mailserver.postgresql.password }}"
db: "{{ mailserver.postgresql.dbname }}"
ssl_mode: disable
name: mail_from
columns:
- id bigserial primary key
- t timestamp default now()
- original varchar(250) not null
- rewritten varchar(250) not null
- name: database index mail_from__rewritten
postgresql_idx:
login_host: "{{ mailserver.postgresql.host }}"
port: "{{ mailserver.postgresql.port }}"
login_user: "{{ mailserver.postgresql.username }}"
login_password: "{{ mailserver.postgresql.password }}"
db: "{{ mailserver.postgresql.dbname }}"
ssl_mode: disable
table: mail_from
columns: rewritten
idxname: mail_from__rewritten

2
mail_system/tasks/postfix.yml

@ -72,6 +72,8 @@
- relay_domains.cf
- relay_recipient_maps.cf
- transport_maps.cf
- sender_canonical_maps.cf
- recipient_canonical_maps.cf
- name: restart postfix
systemd:

10
mail_system/templates/postfix/main.cf

@ -95,6 +95,16 @@ smtpd_relay_restrictions =
# rspamd
# VERP marking
# Envelope sender addresses matching mydomains are marked.
# The marker is removed from envelope recipient addresses.
canonical_classes = envelope_sender, envelope_recipient
sender_canonical_classes = envelope_sender
sender_canonical_maps = pgsql:/etc/postfix/sender_canonical_maps.cf
recipient_canonical_classes = envelope_recipient
recipient_canonical_maps = pgsql:/etc/postfix/recipient_canonical_maps.cf
# useful for log analysis
enable_long_queue_ids = yes

10
mail_system/templates/postfix/recipient_canonical_maps.cf

@ -0,0 +1,10 @@
# THIS FILE IS CONTROLLED BY ANSIBLE - DO NOT CHANGE IN DEPLOYMENT!
# man pgsql_table
user = {{ mailserver.postgresql.username }}
password = {{ mailserver.postgresql.password }}
dbname = {{ mailserver.postgresql.dbname }}
hosts = {{ mailserver.postgresql.host }}
query = select regexp_replace('%s', '\+(.*){{ mailserver.postfix.verp_marker }}-\d+@', '+\1@')

21
mail_system/templates/postfix/sender_canonical_maps.cf

@ -0,0 +1,21 @@
# THIS FILE IS CONTROLLED BY ANSIBLE - DO NOT CHANGE IN DEPLOYMENT!
# man pgsql_table
user = {{ mailserver.postgresql.username }}
password = {{ mailserver.postgresql.password }}
dbname = {{ mailserver.postgresql.dbname }}
hosts = {{ mailserver.postgresql.host }}
query = insert into mail_from (id, original, rewritten)
values (nextval('mail_from_id_seq'), '%s',
case
when regexp_replace('%s', '.*@([^@]+)$', '\1') in (select name from domains)
then case
when '%s'~*'{{ mailserver.postfix.verp_marker }}-\d+@'
then '%s'
else regexp_replace('%s', '^(.*)@[^@]+$', '\1') || case when '%s'~'\+' then '{{ mailserver.postfix.verp_marker }}-' else '+{{ mailserver.postfix.verp_marker }}-' end || lastval()::text || '@' || regexp_replace('%s', '.*@([^@]+)$', '\1')
end
else '%s'
end
) on conflict (rewritten) do nothing returning rewritten
Loading…
Cancel
Save