mirror of
https://github.com/Mailu/Mailu.git
Merge #2002
2002: Misc improvements to the postfix configuration r=mergify[bot] a=nextgens ## What type of PR? enhancement ## What does this PR do? - It removes a useless "Received" header - It changes the SRS key from SECRET_KEY to a subkey (this will affect "in flight" bounces) ### Related issue(s) - #466 ## Prerequisites Before we can consider review and merge, please make sure the following list is done and checked. If an entry is not applicable, you can check it or remove it from the list. - [x] In case of feature or enhancement: documentation updated accordingly - [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file. Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
commit
7678365ab3
@ -29,6 +29,7 @@ def create_app_from_config(config):
|
||||
utils.migrate.init_app(app, models.db)
|
||||
|
||||
app.temp_token_key = hmac.new(bytearray(app.secret_key, 'utf-8'), bytearray('WEBMAIL_TEMP_TOKEN_KEY', 'utf-8'), 'sha256').digest()
|
||||
app.srs_key = hmac.new(bytearray(app.secret_key, 'utf-8'), bytearray('SRS_KEY', 'utf-8'), 'sha256').digest()
|
||||
|
||||
# Initialize list of translations
|
||||
config.translations = {
|
||||
|
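Review bot: The two key-derivation lines (`app.temp_token_key = …` and the `app.srs_key = …` line this commit appears to add) repeat the same HMAC-SHA256 construction with only the label changed, and nothing says why a subkey is used instead of SECRET_KEY. A one-line comment above them, such as `# Per-purpose subkeys: HMAC-SHA256(SECRET_KEY, label), so a consumer never handles SECRET_KEY itself`, would record the key-separation intent for whoever adds the next consumer. Note that `.digest()` returns raw bytes rather than text, so every user of `app.srs_key` must accept a bytes secret; that looks compatible with the srslib calls elsewhere in this commit but is worth confirming against the pinned srslib version. The body of `create_app_from_config` starts and ends outside this hunk.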
@ -108,7 +108,7 @@ def postfix_recipient_map(recipient):
|
||||
|
||||
This is meant for bounces to go back to the original sender.
|
||||
"""
|
||||
srs = srslib.SRS(flask.current_app.config["SECRET_KEY"])
|
||||
srs = srslib.SRS(flask.current_app.srs_key)
|
||||
if srslib.SRS.is_srs_address(recipient):
|
||||
try:
|
||||
return flask.jsonify(srs.reverse(recipient))
|
||||
@ -123,7 +123,7 @@ def postfix_sender_map(sender):
|
||||
|
||||
This is for bounces to come back the reverse path properly.
|
||||
"""
|
||||
srs = srslib.SRS(flask.current_app.config["SECRET_KEY"])
|
||||
srs = srslib.SRS(flask.current_app.srs_key)
|
||||
domain = flask.current_app.config["DOMAIN"]
|
||||
try:
|
||||
localpart, domain_name = models.Email.resolve_domain(sender)
|
||||
|
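Review bot: In `postfix_recipient_map`, `srslib.SRS(flask.current_app.srs_key)` can no longer verify SRS addresses that were signed with the previous key, so `srs.reverse(recipient)` will fail for bounces of mail forwarded before the upgrade until those addresses expire. If the pinned srslib exposes its `prev_secrets` argument, `srs = srslib.SRS(flask.current_app.srs_key, prev_secrets=[flask.current_app.config["SECRET_KEY"]])` on the reverse path only would keep verification working, and the old secret should be dropped again once the SRS validity period has passed so the key separation is complete. `postfix_sender_map` only signs new addresses and needs no such fallback. Both function bodies continue outside their hunks, so the handling around the `try:` blocks is not visible here.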
@ -1,17 +1,8 @@
|
||||
# This configuration was copied from Mailinabox. The original version is available at:
|
||||
# https://raw.githubusercontent.com/mail-in-a-box/mailinabox/master/conf/postfix_outgoing_mail_header_filters
|
||||
|
||||
# Remove the first line of the Received: header. Note that we cannot fully remove the Received: header
|
||||
# because OpenDKIM requires that a header be present when signing outbound mail. The first line is
|
||||
# where the user's home IP address would be.
|
||||
/^\s*Received:[^\n]*(.*)/ REPLACE Received: from authenticated-user ({{OUTCLEAN}} [{{OUTCLEAN_ADDRESS}}])$1
|
||||
|
||||
# Remove other typically private information.
|
||||
/^\s*User-Agent:/ IGNORE
|
||||
/^\s*X-Enigmail:/ IGNORE
|
||||
/^\s*X-Mailer:/ IGNORE
|
||||
/^\s*X-Originating-IP:/ IGNORE
|
||||
/^\s*X-Pgp-Agent:/ IGNORE
|
||||
# Remove typically private information.
|
||||
/^\s*(Received|User-Agent|X-(Enigmail|Mailer|Originating-IP|Pgp-Agent)):/ IGNORE
|
||||
|
||||
# The Mime-Version header can leak the user agent too, e.g. in Mime-Version: 1.0 (Mac OS X Mail 8.1 \(2010.6\)).
|
||||
/^\s*(Mime-Version:\s*[0-9\.]+)\s.+/ REPLACE $1
|
||||
|
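Review bot: The combined rule `/^\s*(Received|User-Agent|X-(…)):/ IGNORE` now drops every `Received:` header on this path, but the new comment `# Remove typically private information.` does not mention `Received`, and the earlier caveat that the DKIM signer needed such a header present was removed without a successor. I would expand the comment, e.g. `# Drop Received entirely: it exposes the submitting client's address; the DKIM signer in use must not depend on it`, so the assumption sits next to the rule and is re-checked if the signer changes. With no `Received:` line left in outgoing messages, tracing an abusive or compromised account relies entirely on the MTA logs, so retention of the submission logs (queue ID to authenticated user) should be confirmed as sufficient.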
@ -46,15 +46,6 @@ os.environ["FRONT_ADDRESS"] = system.get_host_address_from_environment("FRONT",
|
||||
os.environ["ADMIN_ADDRESS"] = system.get_host_address_from_environment("ADMIN", "admin")
|
||||
os.environ["ANTISPAM_MILTER_ADDRESS"] = system.get_host_address_from_environment("ANTISPAM_MILTER", "antispam:11332")
|
||||
os.environ["LMTP_ADDRESS"] = system.get_host_address_from_environment("LMTP", "imap:2525")
|
||||
os.environ["OUTCLEAN"] = os.environ["HOSTNAMES"].split(",")[0]
|
||||
try:
|
||||
_to_lookup = os.environ["OUTCLEAN"]
|
||||
# Ensure we lookup a FQDN: @see #1884
|
||||
if not _to_lookup.endswith('.'):
|
||||
_to_lookup += '.'
|
||||
os.environ["OUTCLEAN_ADDRESS"] = system.resolve_hostname(_to_lookup)
|
||||
except:
|
||||
os.environ["OUTCLEAN_ADDRESS"] = "10.10.10.10"
|
||||
|
||||
for postfix_file in glob.glob("/conf/*.cf"):
|
||||
conf.jinja(postfix_file, os.environ, os.path.join("/etc/postfix", os.path.basename(postfix_file)))
|
||||
|
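--- a/towncrier/newsfragments/2002.enhancement
+++ b/towncrier/newsfragments/2002.enhancement
@@ -0,0 +1 @@
+Derive a new subkey (from SECRET_KEY) for SRS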
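--- a/towncrier/newsfragments/466.feature
+++ b/towncrier/newsfragments/466.feature
@@ -0,0 +1 @@
+Remove the Received header with PRIMARY_HOSTNAME [PUBLIC_IP]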