introducing ENABLE_SRS env variable (Closes: #906, #852)

* making postsrsd optional * added tests, added documentation
2018-03-18 20:15:06 +01:00 · 2018-03-18 20:15:06 +01:00 · 2167108ec0
parent a420b15370
commit 2167108ec0
9 changed files with 57 additions and 7 deletions
--- a/.env.dist
+++ b/.env.dist
@ -45,6 +45,11 @@ TLS_LEVEL=
 #       Addresses with extension delimiters(http://www.postfix.org/postconf.5.html#recipient_delimiter) are not able to send messages.
 SPOOF_PROTECTION=

+# Enables the Sender Rewriting Scheme. SRS is needed if your mail server acts as forwarder. See [postsrsd](https://github.com/roehling/postsrsd/blob/master/README.md#sender-rewriting-scheme-crash-course) for further explanation.
+#  - **0** => Disabled
+#  - 1 => Enabled
+ENABLE_SRS=0
+
 # 1 => Enables POP3 service
 # empty => disables POP3
 ENABLE_POP3=
--- a/1
+++ b/1
@ -31,6 +31,7 @@ run:
 		-e SA_KILL=3.0 \
 		-e SA_SPAM_SUBJECT="SPAM: " \
 		-e VIRUSMAILS_DELETE_DELAY=7 \
+		-e ENABLE_SRS=1 \
 		-e SASL_PASSWD="external-domain.com username:password" \
 		-e ENABLE_MANAGESIEVE=1 \
 		--cap-add=SYS_PTRACE \
--- a/README.md
+++ b/README.md
@ -83,6 +83,10 @@ You're done!

 And don't forget to have a look at the remaining functions of the `setup.sh` script

+#### SPF/Forwarding Problems
+
+If you got any problems with SPF and/or forwarding mails, give [SRS](https://github.com/roehling/postsrsd/blob/master/README.md) a try. You enable SRS by setting `ENABLE_SRS=1`. See the variable description for further information.
+
 #### For informational purposes:

 Your config folder will be mounted in `/tmp/docker-mailserver/`. To understand how things work on boot, please have a look at [start-mailserver.sh](https://github.com/tomav/docker-mailserver/blob/master/target/start-mailserver.sh)
@ -260,6 +264,11 @@ Configures the handling of creating mails with forged sender addresses.
  - **empty** => Mail address spoofing allowed. Any logged in user may create email messages with a forged sender address. See also [Wikipedia](https://en.wikipedia.org/wiki/Email_spoofing)(not recommended, but default for backwards compatibility reasons)
  - 1 => (recommended) Mail spoofing denied. Each user may only send with his own or his alias addresses. Addresses with [extension delimiters](http://www.postfix.org/postconf.5.html#recipient_delimiter) are not able to send messages.

+##### ENABLE_SRS
+Enables the Sender Rewriting Scheme. SRS is needed if your mail server acts as forwarder. See [postsrsd](https://github.com/roehling/postsrsd/blob/master/README.md#sender-rewriting-scheme-crash-course) for further explanation.
+  - **0** => Disabled
+  - 1 => Enabled
+
 ##### PERMIT_DOCKER

 Set different options for mynetworks option (can be overwrite in postfix-main.cf)
--- a/docker-compose.elk.yml.dist
+++ b/docker-compose.elk.yml.dist
@ -26,6 +26,7 @@ services:
    - OVERRIDE_HOSTNAME=${OVERRIDE_HOSTNAME}
    - POSTMASTER_ADDRESS=${POSTMASTER_ADDRESS}
    - POSTSCREEN_ACTION=${POSTSCREEN_ACTION}
+    - ENABLE_SRS=${ENABLE_SRS}
    - REPORT_RECIPIENT=${REPORT_RECIPIENT}
    - REPORT_INTERVAL=${REPORT_INTERVAL}
    - SMTP_ONLY=${SMTP_ONLY}
--- a/docker-compose.yml.dist
+++ b/docker-compose.yml.dist
@ -30,6 +30,7 @@ services:
    - SSL_TYPE=${SSL_TYPE}
    - TLS_LEVEL=${TLS_LEVEL}
    - SPOOF_PROTECTION=${SPOOF_PROTECTION}
+    - ENABLE_SRS=${ENABLE_SRS}
    - PERMIT_DOCKER=${PERMIT_DOCKER}
    - VIRUSMAILS_DELETE_DELAY=${VIRUSMAILS_DELETE_DELAY}
    - ENABLE_POSTFIX_VIRTUAL_TRANSPORT=${ENABLE_POSTFIX_VIRTUAL_TRANSPORT}
--- a/target/postfix/main.cf
+++ b/target/postfix/main.cf
@ -97,9 +97,3 @@ policyd-spf_time_limit = 3600

 # Remove unwanted headers that reveail our privacy
 smtp_header_checks = pcre:/etc/postfix/maps/sender_header_filter.pcre
-
-# postSRSd rules to process spf mail forwarding
-sender_canonical_maps = tcp:localhost:10001
-sender_canonical_classes = envelope_sender
-recipient_canonical_maps = tcp:localhost:10002
-recipient_canonical_classes = envelope_recipient,header_recipient
--- a/target/start-mailserver.sh
+++ b/target/start-mailserver.sh
@ -27,6 +27,7 @@ DEFAULT_VARS["POSTMASTER_ADDRESS"]="${POSTMASTER_ADDRESS:="postmaster@domain.com
 DEFAULT_VARS["POSTSCREEN_ACTION"]="${POSTSCREEN_ACTION:="enforce"}"
 DEFAULT_VARS["SPOOF_PROTECTION"]="${SPOOF_PROTECTION:="0"}"
 DEFAULT_VARS["TLS_LEVEL"]="${TLS_LEVEL:="modern"}"
+DEFAULT_VARS["ENABLE_SRS"]="${ENABLE_SRS:="0"}"
 DEFAULT_VARS["REPORT_RECIPIENT"]="${REPORT_RECIPIENT:="0"}"
 DEFAULT_VARS["REPORT_INTERVAL"]="${REPORT_INTERVAL:="daily"}"
 ##########################################################################
@ -126,6 +127,11 @@ function register_functions() {
 		_register_setup_function "_setup_spoof_protection"
 	fi

+	if [ "$ENABLE_SRS" = 1 ];  then
+		_register_setup_function "_setup_SRS"
+		_register_start_daemon "_start_daemons_postsrsd"
+	fi
+
  _register_setup_function "_setup_postfix_access_control"

 	if [ ! -z "$AWS_SES_HOST" -a ! -z "$AWS_SES_USERPASS" ]; then
@ -733,6 +739,14 @@ function _setup_postfix_aliases() {
 	fi
 }

+function _setup_SRS() {
+	notify 'task' 'Setting up SRS'
+	postconf -e "sender_canonical_maps = tcp:localhost:10001"
+	postconf -e "sender_canonical_classes = envelope_sender"
+	postconf -e "recipient_canonical_maps = tcp:localhost:10002"
+	postconf -e "recipient_canonical_classes = envelope_recipient,header_recipient"
+}
+
 function _setup_dkim() {
 	notify 'task' 'Setting up DKIM'

@ -1292,6 +1306,11 @@ function _start_daemons_opendmarc() {
    supervisorctl start opendmarc
 }

+function _start_daemons_postsrsd(){
+	notify 'task' 'Starting postsrsd ' 'n'
+	supervisorctl start postsrsd
+}
+
 function _start_daemons_postfix() {
 	notify 'task' 'Starting postfix' 'n'
    supervisorctl start postfix
--- a/target/supervisor/conf.d/supervisor-app.conf
+++ b/target/supervisor/conf.d/supervisor-app.conf
@ -124,7 +124,7 @@ command=/usr/local/bin/check-for-changes.sh

 [program:postsrsd]
 startsecs=0
-autostart=true
+autostart=false
 autorestart=unexpected
 stdout_logfile=/var/log/supervisor/%(program_name)s.log
 stderr_logfile=/var/log/supervisor/%(program_name)s.log
--- a/test/tests.bats
+++ b/test/tests.bats
@ -790,6 +790,26 @@ load 'test_helper/bats-assert/load'
  assert_success
 }

+#
+# postsrsd
+#
+
+@test "checking SRS: main.cf entries" {
+  run docker exec mail grep "sender_canonical_maps = tcp:localhost:10001" /etc/postfix/main.cf
+  assert_success
+  run docker exec mail grep "sender_canonical_classes = envelope_sender" /etc/postfix/main.cf
+  assert_success
+  run docker exec mail grep "recipient_canonical_maps = tcp:localhost:10002" /etc/postfix/main.cf
+  assert_success
+  run docker exec mail grep "recipient_canonical_classes = envelope_recipient,header_recipient" /etc/postfix/main.cf
+  assert_success
+}
+
+@test "checking SRS: postsrsd running" {
+  run docker exec mail /bin/sh -c "ps aux | grep ^postsrsd"
+  assert_success
+}
+
 #
 # fail2ban
 #