fix: setup email restrict configs should only prepend once (#4379)

* fix: `setup email restrict` configs should only prepend once * chore: Prepend to our custom parameter variant to retain applying to all `smtpd` ports --------- Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2025-07-22 03:34:38 +02:00 · 2025-03-02 01:55:13 +13:00 · 2025-03-02 01:55:13 +13:00 · 5686a4097a
commit 5686a4097a
parent 309b5a9086
2 changed files with 9 additions and 4 deletions
--- a/target/scripts/startup/setup.d/postfix.sh
+++ b/target/scripts/startup/setup.d/postfix.sh
@ -93,13 +93,17 @@ EOF
 function _setup_postfix_late() {
  _log 'debug' 'Configuring Postfix (late setup)'

+  # These two config files are `access` database tables managed via `setup email restrict`:
+  # NOTE: Prepends to existing restrictions, thus has priority over other permit/reject policies that follow.
+  # https://www.postfix.org/postconf.5.html#smtpd_sender_restrictions
+  # https://www.postfix.org/access.5.html
  __postfix__log 'trace' 'Configuring user access'
  if [[ -f /tmp/docker-mailserver/postfix-send-access.cf ]]; then
-    sed -i -E 's|(smtpd_sender_restrictions =)|\1 check_sender_access texthash:/tmp/docker-mailserver/postfix-send-access.cf,|' /etc/postfix/main.cf
+    sed -i -E 's|^(dms_smtpd_sender_restrictions =)|\1 check_sender_access texthash:/tmp/docker-mailserver/postfix-send-access.cf,|' /etc/postfix/main.cf
  fi

  if [[ -f /tmp/docker-mailserver/postfix-receive-access.cf ]]; then
-    sed -i -E 's|(smtpd_recipient_restrictions =)|\1 check_recipient_access texthash:/tmp/docker-mailserver/postfix-receive-access.cf,|' /etc/postfix/main.cf
+    sed -i -E 's|^(dms_smtpd_recipient_restrictions =)|\1 check_recipient_access texthash:/tmp/docker-mailserver/postfix-receive-access.cf,|' /etc/postfix/main.cf
  fi

  __postfix__log 'trace' 'Configuring relay host'