2018-07-26 21:57:21 +02:00
|
|
|
#!/usr/bin/python3
|
2017-09-24 14:34:46 +02:00
|
|
|
|
|
|
|
import os
|
|
|
|
import glob
|
|
|
|
import shutil
|
2018-07-26 21:57:21 +02:00
|
|
|
import multiprocessing
|
2019-01-07 23:49:10 +02:00
|
|
|
import logging as log
|
|
|
|
import sys
|
2022-04-30 20:20:55 +02:00
|
|
|
import re
|
2018-07-26 21:57:21 +02:00
|
|
|
|
2021-10-29 15:34:00 +02:00
|
|
|
from podop import run_server
|
2021-07-24 14:39:40 +02:00
|
|
|
from pwd import getpwnam
|
2019-07-25 10:33:57 +02:00
|
|
|
from socrate import system, conf
|
2018-07-26 21:57:21 +02:00
|
|
|
|
2019-01-08 05:16:05 +02:00
|
|
|
log.basicConfig(stream=sys.stderr, level=os.environ.get("LOG_LEVEL", "WARNING"))
|
2018-07-26 21:57:21 +02:00
|
|
|
|
|
|
|
def start_podop():
|
2021-07-24 14:39:40 +02:00
|
|
|
os.setuid(getpwnam('postfix').pw_uid)
|
2022-04-18 11:19:50 +02:00
|
|
|
os.makedirs('/dev/shm/postfix',mode=0o700, exist_ok=True)
|
2019-01-17 16:32:47 +02:00
|
|
|
url = "http://" + os.environ["ADMIN_ADDRESS"] + "/internal/postfix/"
|
2019-01-07 23:49:10 +02:00
|
|
|
# TODO: Remove verbosity setting from Podop?
|
|
|
|
run_server(0, "postfix", "/tmp/podop.socket", [
|
2021-09-01 09:15:13 +02:00
|
|
|
("transport", "url", url + "transport/§"),
|
|
|
|
("alias", "url", url + "alias/§"),
|
|
|
|
("dane", "url", url + "dane/§"),
|
|
|
|
("domain", "url", url + "domain/§"),
|
2019-01-17 16:32:47 +02:00
|
|
|
("mailbox", "url", url + "mailbox/§"),
|
2020-01-14 02:18:30 +02:00
|
|
|
("recipientmap", "url", url + "recipient/map/§"),
|
|
|
|
("sendermap", "url", url + "sender/map/§"),
|
2019-01-17 16:32:47 +02:00
|
|
|
("senderaccess", "url", url + "sender/access/§"),
|
2021-08-08 09:21:14 +02:00
|
|
|
("senderlogin", "url", url + "sender/login/§"),
|
|
|
|
("senderrate", "url", url + "sender/rate/§")
|
2018-07-26 21:57:21 +02:00
|
|
|
])
|
|
|
|
|
2021-08-29 17:40:37 +02:00
|
|
|
def start_mta_sts_daemon():
|
|
|
|
os.chmod("/root/", 0o755) # read access to /root/.netrc required
|
|
|
|
os.setuid(getpwnam('postfix').pw_uid)
|
|
|
|
from postfix_mta_sts_resolver import daemon
|
|
|
|
daemon.main()
|
|
|
|
|
2020-03-07 20:17:24 +02:00
|
|
|
def is_valid_postconf_line(line):
|
|
|
|
return not line.startswith("#") \
|
|
|
|
and not line == ''
|
|
|
|
|
2019-01-07 23:49:10 +02:00
|
|
|
# Actual startup script
|
2021-12-08 20:13:28 +02:00
|
|
|
os.environ['DEFER_ON_TLS_ERROR'] = os.environ['DEFER_ON_TLS_ERROR'] if 'DEFER_ON_TLS_ERROR' in os.environ else 'True'
|
2019-08-23 08:43:59 +02:00
|
|
|
os.environ["FRONT_ADDRESS"] = system.get_host_address_from_environment("FRONT", "front")
|
|
|
|
os.environ["ADMIN_ADDRESS"] = system.get_host_address_from_environment("ADMIN", "admin")
|
2019-10-12 01:01:35 +02:00
|
|
|
os.environ["ANTISPAM_MILTER_ADDRESS"] = system.get_host_address_from_environment("ANTISPAM_MILTER", "antispam:11332")
|
2019-08-23 08:43:59 +02:00
|
|
|
os.environ["LMTP_ADDRESS"] = system.get_host_address_from_environment("LMTP", "imap:2525")
|
2021-12-01 14:40:28 +02:00
|
|
|
os.environ["POSTFIX_LOG_SYSLOG"] = os.environ.get("POSTFIX_LOG_SYSLOG","local")
|
|
|
|
os.environ["POSTFIX_LOG_FILE"] = os.environ.get("POSTFIX_LOG_FILE", "")
|
2017-09-24 14:34:46 +02:00
|
|
|
|
2022-04-30 20:20:55 +02:00
|
|
|
# Postfix requires IPv6 addresses to be wrapped in square brackets
|
|
|
|
if 'RELAYNETS' in os.environ:
|
|
|
|
os.environ["RELAYNETS"] = re.sub(r'([0-9a-fA-F]+:[0-9a-fA-F:]+)/', '[\\1]/', os.environ["RELAYNETS"])
|
|
|
|
|
2017-09-24 14:34:46 +02:00
|
|
|
for postfix_file in glob.glob("/conf/*.cf"):
|
2019-07-25 10:33:57 +02:00
|
|
|
conf.jinja(postfix_file, os.environ, os.path.join("/etc/postfix", os.path.basename(postfix_file)))
|
2017-09-24 14:34:46 +02:00
|
|
|
|
|
|
|
if os.path.exists("/overrides/postfix.cf"):
|
|
|
|
for line in open("/overrides/postfix.cf").read().strip().split("\n"):
|
2020-03-07 20:17:24 +02:00
|
|
|
if is_valid_postconf_line(line):
|
|
|
|
os.system('postconf -e "{}"'.format(line))
|
2017-09-24 14:34:46 +02:00
|
|
|
|
|
|
|
if os.path.exists("/overrides/postfix.master"):
|
|
|
|
for line in open("/overrides/postfix.master").read().strip().split("\n"):
|
2020-03-07 20:17:24 +02:00
|
|
|
if is_valid_postconf_line(line):
|
|
|
|
os.system('postconf -Me "{}"'.format(line))
|
2017-09-24 14:34:46 +02:00
|
|
|
|
|
|
|
for map_file in glob.glob("/overrides/*.map"):
|
|
|
|
destination = os.path.join("/etc/postfix", os.path.basename(map_file))
|
|
|
|
shutil.copyfile(map_file, destination)
|
|
|
|
os.system("postmap {}".format(destination))
|
|
|
|
os.remove(destination)
|
|
|
|
|
2021-08-29 17:40:37 +02:00
|
|
|
if os.path.exists("/overrides/mta-sts-daemon.yml"):
|
2021-09-09 18:45:39 +02:00
|
|
|
shutil.copyfile("/overrides/mta-sts-daemon.yml", "/etc/mta-sts-daemon.yml")
|
2021-09-09 17:30:46 +02:00
|
|
|
else:
|
2021-09-09 18:45:39 +02:00
|
|
|
conf.jinja("/conf/mta-sts-daemon.yml", os.environ, "/etc/mta-sts-daemon.yml")
|
2021-08-29 17:40:37 +02:00
|
|
|
|
2022-02-19 19:37:37 +02:00
|
|
|
for policy in ['tls_policy', 'transport']:
|
|
|
|
if not os.path.exists(f'/etc/postfix/{policy}.map.lmdb'):
|
|
|
|
open(f'/etc/postfix/{policy}.map', 'a').close()
|
|
|
|
os.system(f'postmap /etc/postfix/{policy}.map')
|
2021-08-01 11:09:44 +02:00
|
|
|
|
2019-03-04 19:52:04 +02:00
|
|
|
if "RELAYUSER" in os.environ:
|
|
|
|
path = "/etc/postfix/sasl_passwd"
|
2019-07-25 10:33:57 +02:00
|
|
|
conf.jinja("/conf/sasl_passwd", os.environ, path)
|
2019-03-04 19:52:04 +02:00
|
|
|
os.system("postmap {}".format(path))
|
2017-09-24 14:34:46 +02:00
|
|
|
|
2021-12-07 12:13:47 +02:00
|
|
|
# Configure and start local rsyslog server
|
|
|
|
conf.jinja("/conf/rsyslog.conf", os.environ, "/etc/rsyslog.conf")
|
2022-01-22 18:15:51 +02:00
|
|
|
os.system("/usr/sbin/rsyslogd -niNONE &")
|
2021-12-14 17:47:16 +02:00
|
|
|
# Configure logrotate and start crond
|
2021-12-07 12:13:47 +02:00
|
|
|
if os.environ["POSTFIX_LOG_FILE"] != "":
|
|
|
|
conf.jinja("/conf/logrotate.conf", os.environ, "/etc/logrotate.d/postfix.conf")
|
2021-12-14 17:47:16 +02:00
|
|
|
os.system("/usr/sbin/crond")
|
2021-12-07 12:13:47 +02:00
|
|
|
if os.path.exists("/overrides/logrotate.conf"):
|
|
|
|
shutil.copyfile("/overrides/logrotate.conf", "/etc/logrotate.d/postfix.conf")
|
2020-04-09 14:34:54 +02:00
|
|
|
|
2018-07-26 21:57:21 +02:00
|
|
|
# Run Podop and Postfix
|
|
|
|
multiprocessing.Process(target=start_podop).start()
|
2021-08-29 17:40:37 +02:00
|
|
|
multiprocessing.Process(target=start_mta_sts_daemon).start()
|
2019-06-23 21:00:01 +02:00
|
|
|
os.system("/usr/libexec/postfix/post-install meta_directory=/etc/postfix create-missing")
|
2020-05-04 17:41:53 +02:00
|
|
|
# Before starting postfix, we need to check permissions on /queue
|
|
|
|
# in the event that postfix,postdrop id have changed
|
2020-05-04 20:18:32 +02:00
|
|
|
os.system("postfix set-permissions")
|
2019-06-23 21:18:39 +02:00
|
|
|
os.system("postfix start-fg")
|