Add LDAP_QUERY_FILTER_SENDERS setting for spoof protection with LDAP (#1902)

2025-07-14 19:34:50 +02:00 · 2021-04-17 22:40:19 +02:00 · 2021-04-17 22:40:19 +02:00 · 271d94a37e
commit 271d94a37e
parent 6fbd1967d1
7 changed files with 45 additions and 3 deletions
--- a/target/scripts/startup/setup-stack.sh
+++ b/target/scripts/startup/setup-stack.sh
@ -421,6 +421,7 @@ function _setup_ldap
    /etc/postfix/ldap-groups.cf
    /etc/postfix/ldap-aliases.cf
    /etc/postfix/ldap-domains.cf
+    /etc/postfix/ldap-senders.cf
    /etc/postfix/maps/sender_login_maps.ldap
  )

@ -430,6 +431,7 @@ function _setup_ldap
    [[ ${FILE} =~ ldap-group ]] && export LDAP_QUERY_FILTER="${LDAP_QUERY_FILTER_GROUP}"
    [[ ${FILE} =~ ldap-aliases ]] && export LDAP_QUERY_FILTER="${LDAP_QUERY_FILTER_ALIAS}"
    [[ ${FILE} =~ ldap-domains ]] && export LDAP_QUERY_FILTER="${LDAP_QUERY_FILTER_DOMAIN}"
+    [[ ${FILE} =~ ldap-senders ]] && export LDAP_QUERY_FILTER="${LDAP_QUERY_FILTER_SENDERS}"
    configomat.sh "LDAP_" "${FILE}"
  done

@ -553,7 +555,11 @@ function _setup_spoof_protection

  if [[ ${ENABLE_LDAP} -eq 1 ]]
  then
-    postconf -e "smtpd_sender_login_maps = ldap:/etc/postfix/ldap-users.cf ldap:/etc/postfix/ldap-aliases.cf ldap:/etc/postfix/ldap-groups.cf"
+    if [[ -z ${LDAP_QUERY_FILTER_SENDERS} ]]; then
+      postconf -e "smtpd_sender_login_maps = ldap:/etc/postfix/ldap-users.cf ldap:/etc/postfix/ldap-aliases.cf ldap:/etc/postfix/ldap-groups.cf"
+    else
+      postconf -e "smtpd_sender_login_maps = ldap:/etc/postfix/ldap-senders.cf"
+    fi
  else
    if [[ -f /etc/postfix/regexp ]]
    then