docker-mailserver/target/bin/restrict-access

#!/bin/bash

# shellcheck source=../scripts/helpers/index.sh
source /usr/local/bin/helpers/index.sh

COMMAND=${1:-}
DIRECTION=${2:-}
DIRECTION=${DIRECTION,,} # make lowercase
USER=${3:-}

function __usage { _log 'info' "Usage: ${0} <add|del|list> <send|receive> [<email@domain.com>]" ; }

if [[ ${DIRECTION} =~ ^(send|receive)$ ]]; then
  DATABASE="/tmp/docker-mailserver/postfix-${DIRECTION}-access.cf"
else
  __usage
  _exit_with_error "Unknown or missing second parameter '${DIRECTION}' - specify 'send' or 'receive'"
fi

if [[ -z ${USER} ]] && [[ ${COMMAND} != list ]]; then
  read -r -p 'Provide a username: ' USER
  [[ -z ${USER} ]] && _exit_with_error 'User must not be empty'
fi

case "${COMMAND}" in

  ( 'add' )
    if [[ -f ${DATABASE} ]] && grep -q -F "${USER}" "${DATABASE}"; then
      _exit_with_error "User '${USER}' already denied to ${DIRECTION} mails"
    fi

    echo -e "${USER} \t\t REJECT" >>"${DATABASE}"

    if [[ ${DIRECTION} == 'send' ]]; then
      CHECK='check_sender_access'
      POSTFIX_OPTION='smtpd_sender_restrictions'
    else
      CHECK='check_recipient_access'
      POSTFIX_OPTION='smtpd_recipient_restrictions'
    fi

    # only adjust Postfix's `main.cf` if we haven't adjusted it before
    STRING_TO_BE_ADDED="${CHECK} texthash:/tmp/docker-mailserver/postfix-${DIRECTION}-access.cf"
    if ! grep -q "${STRING_TO_BE_ADDED}" /etc/postfix/main.cf; then
      sed -i -E "s|^(${POSTFIX_OPTION} =)(.*)|\1 ${STRING_TO_BE_ADDED},\2|" /etc/postfix/main.cf
      _reload_postfix
    fi
    ;;

  ( 'del' )
    if ! sed -i "/^$(_escape "${USER}").*/d" "${DATABASE}" 2>/dev/null; then
      _exit_with_error "User '${USER}' not found"
    fi
    ;;

  ( 'list' )
    grep "REJECT" "${DATABASE}" 2>/dev/null || _log 'info' "Everyone is allowed to ${DIRECTION} mails"
    ;;

  ( * )
    __usage
    _exit_with_error "Unknown or missing command '${COMMAND}' - specify 'add', 'del' or 'list'"
    ;;

esac
Remove unusual space from shebang line (#2834) 2022-10-17 10:40:09 +02:00			`#!/bin/bash`
Restrict access (Closes #452, #816) new setup.sh function, new tests, new script 2018-02-07 21:33:07 +01:00
refactoring: split helper functions into smaller scripts (#2420) 2022-02-21 11:56:57 +01:00			`# shellcheck source=../scripts/helpers/index.sh`
			`source /usr/local/bin/helpers/index.sh`
Restrict access (Closes #452, #816) new setup.sh function, new tests, new script 2018-02-07 21:33:07 +01:00
fix `restrict-access` (#3067) 2023-02-18 16:52:42 +01:00			`COMMAND=${1:-}`
			`DIRECTION=${2:-}`
			`DIRECTION=${DIRECTION,,} # make lowercase`
			`USER=${3:-}`
Restrict access (Closes #452, #816) new setup.sh function, new tests, new script 2018-02-07 21:33:07 +01:00
fix `restrict-access` (#3067) 2023-02-18 16:52:42 +01:00			`function __usage { _log 'info' "Usage: ${0} <add\|del\|list> <send\|receive> [<email@domain.com>]" ; }`
Restrict access (Closes #452, #816) new setup.sh function, new tests, new script 2018-02-07 21:33:07 +01:00
change if style (#3361) 2023-05-24 09:06:59 +02:00			`if [[ ${DIRECTION} =~ ^(send\|receive)$ ]]; then`
fix `restrict-access` (#3067) 2023-02-18 16:52:42 +01:00			`DATABASE="/tmp/docker-mailserver/postfix-${DIRECTION}-access.cf"`
			`else`
			`__usage`
			`_exit_with_error "Unknown or missing second parameter '${DIRECTION}' - specify 'send' or 'receive'"`
			`fi`
Restrict access (Closes #452, #816) new setup.sh function, new tests, new script 2018-02-07 21:33:07 +01:00
change if style (#3361) 2023-05-24 09:06:59 +02:00			`if [[ -z ${USER} ]] && [[ ${COMMAND} != list ]]; then`
fix `restrict-access` (#3067) 2023-02-18 16:52:42 +01:00			`read -r -p 'Provide a username: ' USER`
scripts: refactored scripts located under `target/bin/` (#2500) * refactored scripts located under `target/bin/` The scripts under `target/bin/` now use the new log and I replaced some `""` with `''` on the way. The functionality stays the same, this mostly style and log. * corrected fail2ban (script and tests) * corrected OpenDKIM log output in tests * reverted (some) changes to `sedfile` Moreover, a few messages for BATS were streamlined and a regression in the linting script reverted. * apple PR feedback * improve log output from `fail2ban` script The new output has a single, clear message with the '[ ERROR ] ' prefix, and then output that explains the error afterwards. This is coherent with the logging style which should be used while providing more information than just a single line about IPTables not functioning. * simplified `setquota` script * consistently named the `__usage` function Before, scripts located under `target/bin/` were using `usage` or `__usage`. Now, they're using `__usage` as they should. * improved `sedfile` With `sedfile`, we cannot use the helper functions in a nice way because it is used early in the Dockerfile at a stage where the helper scripts are not yet copied. The script has been adjusted to be canonical with all the other scripts under `target/bin/`. * fixed tests * removed `__usage` from places where it does not belong `__usage` is to be used on wrong user input, not on other failures as well. This was fixed in `delquota` and `setquota`. * apply PR review feedback 2022-03-26 09:30:09 +01:00			`[[ -z ${USER} ]] && _exit_with_error 'User must not be empty'`
Restrict access (Closes #452, #816) new setup.sh function, new tests, new script 2018-02-07 21:33:07 +01:00			`fi`

fix `restrict-access` (#3067) 2023-02-18 16:52:42 +01:00			`case "${COMMAND}" in`

scripts: refactored scripts located under `target/bin/` (#2500) * refactored scripts located under `target/bin/` The scripts under `target/bin/` now use the new log and I replaced some `""` with `''` on the way. The functionality stays the same, this mostly style and log. * corrected fail2ban (script and tests) * corrected OpenDKIM log output in tests * reverted (some) changes to `sedfile` Moreover, a few messages for BATS were streamlined and a regression in the linting script reverted. * apple PR feedback * improve log output from `fail2ban` script The new output has a single, clear message with the '[ ERROR ] ' prefix, and then output that explains the error afterwards. This is coherent with the logging style which should be used while providing more information than just a single line about IPTables not functioning. * simplified `setquota` script * consistently named the `__usage` function Before, scripts located under `target/bin/` were using `usage` or `__usage`. Now, they're using `__usage` as they should. * improved `sedfile` With `sedfile`, we cannot use the helper functions in a nice way because it is used early in the Dockerfile at a stage where the helper scripts are not yet copied. The script has been adjusted to be canonical with all the other scripts under `target/bin/`. * fixed tests * removed `__usage` from places where it does not belong `__usage` is to be used on wrong user input, not on other failures as well. This was fixed in `delquota` and `setquota`. * apply PR review feedback 2022-03-26 09:30:09 +01:00			`( 'add' )`
change if style (#3361) 2023-05-24 09:06:59 +02:00			`if [[ -f ${DATABASE} ]] && grep -q -F "${USER}" "${DATABASE}"; then`
fix `restrict-access` (#3067) 2023-02-18 16:52:42 +01:00			`_exit_with_error "User '${USER}' already denied to ${DIRECTION} mails"`
			`fi`
Complete Refactor for `target/bin` (#1654) * documentation and script updates trying to fix #1647 * preparations for refactoring target/bin/ * complete refactor for target/bin/ * changing script output slightly * outsourcing functions in `bin-helper.sh` * re-wrote linting to allow for proper shellcheck -x execution * show explanation for shellcheck ignore * adding some more information 2020-10-21 18:16:32 +02:00
fix `restrict-access` (#3067) 2023-02-18 16:52:42 +01:00			`echo -e "${USER} \t\t REJECT" >>"${DATABASE}"`

change if style (#3361) 2023-05-24 09:06:59 +02:00			`if [[ ${DIRECTION} == 'send' ]]; then`
fix `restrict-access` (#3067) 2023-02-18 16:52:42 +01:00			`CHECK='check_sender_access'`
			`POSTFIX_OPTION='smtpd_sender_restrictions'`
			`else`
			`CHECK='check_recipient_access'`
			`POSTFIX_OPTION='smtpd_recipient_restrictions'`
			`fi`
postscreen implementation altered (#846) * new setup.sh function, new tests, new script and some minor updates to main.cf * fix for missing files * removed obsolete test-files * restart postfix if neccessary. * see pr #845 * fixed typo * fixed branchmixup * changed postfix reload command & changed to operate on container instead of image * reload postfix only on adding new restriction * main.cf is only changed when user is added. - Postfix reload changed - working on container instead of image now in setup.sh - added cleanup after tests * moved cleanup to makefile 2018-02-18 13:29:43 +01:00
fix `restrict-access` (#3067) 2023-02-18 16:52:42 +01:00			# only adjust Postfix's `main.cf` if we haven't adjusted it before
			`STRING_TO_BE_ADDED="${CHECK} texthash:/tmp/docker-mailserver/postfix-${DIRECTION}-access.cf"`
change if style (#3361) 2023-05-24 09:06:59 +02:00			`if ! grep -q "${STRING_TO_BE_ADDED}" /etc/postfix/main.cf; then`
fix `restrict-access` (#3067) 2023-02-18 16:52:42 +01:00			`sed -i -E "s\|^(${POSTFIX_OPTION} =)(.*)\|\1 ${STRING_TO_BE_ADDED},\2\|" /etc/postfix/main.cf`
fix: Workaround `postconf` write settling logic (#2998) * fix: Workaround `postconf` write settle logic After updating `main.cf`, to avoid an enforced delay from reading the config by postfix tools, we can ensure the modified time is at least 2 seconds in the past as a workaround. This should be ok with our usage AFAIK. Shaves off 2+ seconds roughly off each container startup, reduces roughly 2+ minutes off tests. * chore: Only modify `mtime` if less than 2 seconds ago - Slight improvement by avoiding unnecessary writes with a conditional check on the util method. - Can more comfortably call this during `postfix reload` in the change detection cycle now. - Identified other tests that'd benefit from this, created a helper method to call instead of copy/paste. - The `setup email restrict` command also did a modification and reload. Added util method here too. * tests(fix): `mail_smtponly.bats` should wait for Postfix - `postfix reload` fails if the service is not ready yet. - `service postfix reload` and `/etc/init.d/postfix reload` presumably wait until it is ready? (as these work regardless) * chore: Review feedback - Move reload method into utilities 2023-01-12 22:10:58 +01:00			`_reload_postfix`
Complete Refactor for `target/bin` (#1654) * documentation and script updates trying to fix #1647 * preparations for refactoring target/bin/ * complete refactor for target/bin/ * changing script output slightly * outsourcing functions in `bin-helper.sh` * re-wrote linting to allow for proper shellcheck -x execution * show explanation for shellcheck ignore * adding some more information 2020-10-21 18:16:32 +02:00			`fi`
scripts: refactored scripts located under `target/bin/` (#2500) * refactored scripts located under `target/bin/` The scripts under `target/bin/` now use the new log and I replaced some `""` with `''` on the way. The functionality stays the same, this mostly style and log. * corrected fail2ban (script and tests) * corrected OpenDKIM log output in tests * reverted (some) changes to `sedfile` Moreover, a few messages for BATS were streamlined and a regression in the linting script reverted. * apple PR feedback * improve log output from `fail2ban` script The new output has a single, clear message with the '[ ERROR ] ' prefix, and then output that explains the error afterwards. This is coherent with the logging style which should be used while providing more information than just a single line about IPTables not functioning. * simplified `setquota` script * consistently named the `__usage` function Before, scripts located under `target/bin/` were using `usage` or `__usage`. Now, they're using `__usage` as they should. * improved `sedfile` With `sedfile`, we cannot use the helper functions in a nice way because it is used early in the Dockerfile at a stage where the helper scripts are not yet copied. The script has been adjusted to be canonical with all the other scripts under `target/bin/`. * fixed tests * removed `__usage` from places where it does not belong `__usage` is to be used on wrong user input, not on other failures as well. This was fixed in `delquota` and `setquota`. * apply PR review feedback 2022-03-26 09:30:09 +01:00			`;;`
Complete Refactor for `target/bin` (#1654) * documentation and script updates trying to fix #1647 * preparations for refactoring target/bin/ * complete refactor for target/bin/ * changing script output slightly * outsourcing functions in `bin-helper.sh` * re-wrote linting to allow for proper shellcheck -x execution * show explanation for shellcheck ignore * adding some more information 2020-10-21 18:16:32 +02:00
scripts: refactored scripts located under `target/bin/` (#2500) * refactored scripts located under `target/bin/` The scripts under `target/bin/` now use the new log and I replaced some `""` with `''` on the way. The functionality stays the same, this mostly style and log. * corrected fail2ban (script and tests) * corrected OpenDKIM log output in tests * reverted (some) changes to `sedfile` Moreover, a few messages for BATS were streamlined and a regression in the linting script reverted. * apple PR feedback * improve log output from `fail2ban` script The new output has a single, clear message with the '[ ERROR ] ' prefix, and then output that explains the error afterwards. This is coherent with the logging style which should be used while providing more information than just a single line about IPTables not functioning. * simplified `setquota` script * consistently named the `__usage` function Before, scripts located under `target/bin/` were using `usage` or `__usage`. Now, they're using `__usage` as they should. * improved `sedfile` With `sedfile`, we cannot use the helper functions in a nice way because it is used early in the Dockerfile at a stage where the helper scripts are not yet copied. The script has been adjusted to be canonical with all the other scripts under `target/bin/`. * fixed tests * removed `__usage` from places where it does not belong `__usage` is to be used on wrong user input, not on other failures as well. This was fixed in `delquota` and `setquota`. * apply PR review feedback 2022-03-26 09:30:09 +01:00			`( 'del' )`
change if style (#3361) 2023-05-24 09:06:59 +02:00			`if ! sed -i "/^$(_escape "${USER}").*/d" "${DATABASE}" 2>/dev/null; then`
fix `restrict-access` (#3067) 2023-02-18 16:52:42 +01:00			`_exit_with_error "User '${USER}' not found"`
			`fi`
scripts: refactored scripts located under `target/bin/` (#2500) * refactored scripts located under `target/bin/` The scripts under `target/bin/` now use the new log and I replaced some `""` with `''` on the way. The functionality stays the same, this mostly style and log. * corrected fail2ban (script and tests) * corrected OpenDKIM log output in tests * reverted (some) changes to `sedfile` Moreover, a few messages for BATS were streamlined and a regression in the linting script reverted. * apple PR feedback * improve log output from `fail2ban` script The new output has a single, clear message with the '[ ERROR ] ' prefix, and then output that explains the error afterwards. This is coherent with the logging style which should be used while providing more information than just a single line about IPTables not functioning. * simplified `setquota` script * consistently named the `__usage` function Before, scripts located under `target/bin/` were using `usage` or `__usage`. Now, they're using `__usage` as they should. * improved `sedfile` With `sedfile`, we cannot use the helper functions in a nice way because it is used early in the Dockerfile at a stage where the helper scripts are not yet copied. The script has been adjusted to be canonical with all the other scripts under `target/bin/`. * fixed tests * removed `__usage` from places where it does not belong `__usage` is to be used on wrong user input, not on other failures as well. This was fixed in `delquota` and `setquota`. * apply PR review feedback 2022-03-26 09:30:09 +01:00			`;;`

			`( 'list' )`
fix `restrict-access` (#3067) 2023-02-18 16:52:42 +01:00			`grep "REJECT" "${DATABASE}" 2>/dev/null \|\| _log 'info' "Everyone is allowed to ${DIRECTION} mails"`
scripts: refactored scripts located under `target/bin/` (#2500) * refactored scripts located under `target/bin/` The scripts under `target/bin/` now use the new log and I replaced some `""` with `''` on the way. The functionality stays the same, this mostly style and log. * corrected fail2ban (script and tests) * corrected OpenDKIM log output in tests * reverted (some) changes to `sedfile` Moreover, a few messages for BATS were streamlined and a regression in the linting script reverted. * apple PR feedback * improve log output from `fail2ban` script The new output has a single, clear message with the '[ ERROR ] ' prefix, and then output that explains the error afterwards. This is coherent with the logging style which should be used while providing more information than just a single line about IPTables not functioning. * simplified `setquota` script * consistently named the `__usage` function Before, scripts located under `target/bin/` were using `usage` or `__usage`. Now, they're using `__usage` as they should. * improved `sedfile` With `sedfile`, we cannot use the helper functions in a nice way because it is used early in the Dockerfile at a stage where the helper scripts are not yet copied. The script has been adjusted to be canonical with all the other scripts under `target/bin/`. * fixed tests * removed `__usage` from places where it does not belong `__usage` is to be used on wrong user input, not on other failures as well. This was fixed in `delquota` and `setquota`. * apply PR review feedback 2022-03-26 09:30:09 +01:00			`;;`
Complete Refactor for `target/bin` (#1654) * documentation and script updates trying to fix #1647 * preparations for refactoring target/bin/ * complete refactor for target/bin/ * changing script output slightly * outsourcing functions in `bin-helper.sh` * re-wrote linting to allow for proper shellcheck -x execution * show explanation for shellcheck ignore * adding some more information 2020-10-21 18:16:32 +02:00
scripts: refactored scripts located under `target/bin/` (#2500) * refactored scripts located under `target/bin/` The scripts under `target/bin/` now use the new log and I replaced some `""` with `''` on the way. The functionality stays the same, this mostly style and log. * corrected fail2ban (script and tests) * corrected OpenDKIM log output in tests * reverted (some) changes to `sedfile` Moreover, a few messages for BATS were streamlined and a regression in the linting script reverted. * apple PR feedback * improve log output from `fail2ban` script The new output has a single, clear message with the '[ ERROR ] ' prefix, and then output that explains the error afterwards. This is coherent with the logging style which should be used while providing more information than just a single line about IPTables not functioning. * simplified `setquota` script * consistently named the `__usage` function Before, scripts located under `target/bin/` were using `usage` or `__usage`. Now, they're using `__usage` as they should. * improved `sedfile` With `sedfile`, we cannot use the helper functions in a nice way because it is used early in the Dockerfile at a stage where the helper scripts are not yet copied. The script has been adjusted to be canonical with all the other scripts under `target/bin/`. * fixed tests * removed `__usage` from places where it does not belong `__usage` is to be used on wrong user input, not on other failures as well. This was fixed in `delquota` and `setquota`. * apply PR review feedback 2022-03-26 09:30:09 +01:00			`( * )`
			`__usage`
fix `restrict-access` (#3067) 2023-02-18 16:52:42 +01:00			`_exit_with_error "Unknown or missing command '${COMMAND}' - specify 'add', 'del' or 'list'"`
Restrict access (Closes #452, #816) new setup.sh function, new tests, new script 2018-02-07 21:33:07 +01:00			`;;`
postscreen implementation altered (#846) * new setup.sh function, new tests, new script and some minor updates to main.cf * fix for missing files * removed obsolete test-files * restart postfix if neccessary. * see pr #845 * fixed typo * fixed branchmixup * changed postfix reload command & changed to operate on container instead of image * reload postfix only on adding new restriction * main.cf is only changed when user is added. - Postfix reload changed - working on container instead of image now in setup.sh - added cleanup after tests * moved cleanup to makefile 2018-02-18 13:29:43 +01:00
Complete Refactor for `target/bin` (#1654) * documentation and script updates trying to fix #1647 * preparations for refactoring target/bin/ * complete refactor for target/bin/ * changing script output slightly * outsourcing functions in `bin-helper.sh` * re-wrote linting to allow for proper shellcheck -x execution * show explanation for shellcheck ignore * adding some more information 2020-10-21 18:16:32 +02:00			`esac`