Switch postfix to Podop

2024-12-14 10:53:30 +02:00 · 2018-07-26 21:57:21 +02:00 · 2018-07-26 21:57:21 +02:00 · bb73933e1e
commit bb73933e1e
parent 82e738cc53
3 changed files with 29 additions and 12 deletions
--- a/core/postfix/Dockerfile
+++ b/core/postfix/Dockerfile
@ -1,6 +1,8 @@
 FROM alpine

-RUN apk add --no-cache postfix postfix-sqlite postfix-pcre rsyslog python py-jinja2
+RUN apk add --no-cache postfix postfix-pcre rsyslog \
+    python3 py3-pip \
+ && pip3 install jinja2 podop

 COPY conf /conf
 COPY start.py /start.py
--- a/core/postfix/conf/main.cf
+++ b/core/postfix/conf/main.cf
@ -19,8 +19,8 @@ mynetworks = 127.0.0.1/32 [::1]/128 {{ RELAYNETS }}
 # Empty alias list to override the configuration variable and disable NIS
 alias_maps =

-# SQLite configuration
-sql = sqlite:${config_directory}/
+# Podop configuration
+podop = socketmap:unix:/tmp/podop.socket:

 # Only accept virtual emails
 mydestination =
@ -56,13 +56,13 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

 # The alias map actually returns both aliases and local mailboxes, which is
 # required for reject_unlisted_sender to work properly
-virtual_alias_maps = ${sql}sqlite-virtual_alias_maps.cf
-virtual_mailbox_domains = ${sql}sqlite-virtual_mailbox_domains.cf
-virtual_mailbox_maps = $virtual_alias_maps
+virtual_alias_maps = ${podop}alias
+virtual_mailbox_domains = ${podop}domains
+virtual_mailbox_maps = ${podop}mailbox

 # Mails are transported if required, then forwarded to Dovecot for delivery
-relay_domains = ${sql}sqlite-transport.cf
-transport_maps = ${sql}sqlite-transport.cf
+relay_domains = ${podop}transport
+transport_maps = ${podop}transport
 virtual_transport = lmtp:inet:{{ HOST_LMTP }}

 # In order to prevent Postfix from running DNS query, enforce the use of the
@ -84,7 +84,7 @@ smtpd_helo_required = yes

 smtpd_recipient_restrictions =
  permit_mynetworks,
-  check_sender_access ${sql}sqlite-reject-spoofed.cf,
+  check_sender_access ${podop}spoofed
  reject_non_fqdn_sender,
  reject_unknown_sender_domain,
  reject_unknown_recipient_domain,
--- a/core/postfix/start.py
+++ b/core/postfix/start.py
@ -1,11 +1,25 @@
-#!/usr/bin/python
+#!/usr/bin/python3

 import jinja2
 import os
 import socket
 import glob
 import shutil
-	
+import multiprocessing
+
+from podop import run_server
+
+
+def start_podop():
+    os.setuid(100)
+    run_server(40, "postfix", "/tmp/podop.socket", [
+		("transport", "url", "http://admin/internal/postfix/transport/§"),
+		("alias", "url", "http://admin/internal/postfix/alias/§"),
+		("domains", "url", "http://admin/internal/postfix/domains/§"),
+        ("mailbox", "url", "http://admin/internal/postfix/mailbox/§"),
+        ("spoofed", "url", "http://admin/internal/postfix/spoofed/§"),
+    ])
+
 convert = lambda src, dst: open(dst, "w").write(jinja2.Template(open(src).read()).render(**os.environ))

 # Actual startup script
@ -32,7 +46,8 @@ for map_file in glob.glob("/overrides/*.map"):

 convert("/conf/rsyslog.conf", "/etc/rsyslog.conf")

-# Run postfix
+# Run Podop and Postfix
+multiprocessing.Process(target=start_podop).start()
 if os.path.exists("/var/run/rsyslogd.pid"):
    os.remove("/var/run/rsyslogd.pid")
 os.system("/usr/lib/postfix/post-install meta_directory=/etc/postfix create-missing")