scripts: add wrapper to update Postfix configuration safely (#3484)

The new function can

1. update/append
2. update/prepend
3. initialize if non-existent

options in `/etc/postfix/main.cf` in a safe and secure manner. When the
container is improperly restarted, the option is not applied twice.

---

Co-authored-by: Casper <casperklein@users.noreply.github.com>
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
This commit is contained in:
Georg Lauterbach 2023-08-22 10:03:41 +02:00 committed by GitHub
parent 758fd9c913
commit cf9eb8278a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 55 additions and 16 deletions

View file

@ -16,10 +16,9 @@ function _setup_opendkim() {
_log 'trace' "Adding OpenDKIM to Postfix's milters"
postconf 'dkim_milter = inet:localhost:8891'
# shellcheck disable=SC2016
sed -i -E \
-e '/\$dkim_milter/! s|^(smtpd_milters =.*)|\1 \$dkim_milter|g' \
-e '/\$dkim_milter/! s|^(non_smtpd_milters =.*)|\1 \$dkim_milter|g' \
/etc/postfix/main.cf
_add_to_or_update_postfix_main 'smtpd_milters' '$dkim_milter'
# shellcheck disable=SC2016
_add_to_or_update_postfix_main 'non_smtpd_milters' '$dkim_milter'
# check if any keys are available
if [[ -e /tmp/docker-mailserver/opendkim/KeyTable ]]; then
@ -64,7 +63,7 @@ function _setup_opendmarc() {
postconf 'dmarc_milter = inet:localhost:8893'
# Make sure to append the OpenDMARC milter _after_ the OpenDKIM milter!
# shellcheck disable=SC2016
sed -i -E '/\$dmarc_milter/! s|^(smtpd_milters =.*)|\1 \$dmarc_milter|g' /etc/postfix/main.cf
_add_to_or_update_postfix_main 'smtpd_milters' '$dmarc_milter'
sed -i \
-e "s|^AuthservID.*$|AuthservID ${HOSTNAME}|g" \

View file

@ -138,7 +138,7 @@ function __rspamd__setup_postfix() {
postconf 'rspamd_milter = inet:localhost:11332'
# shellcheck disable=SC2016
sed -i -E 's|^(smtpd_milters =.*)|\1 \$rspamd_milter|g' /etc/postfix/main.cf
_add_to_or_update_postfix_main 'smtpd_milters' '$rspamd_milter'
}
# If ClamAV is enabled, we will integrate it into Rspamd.
@ -180,6 +180,7 @@ function __rspamd__setup_default_modules() {
metric_exporter
)
local MODULE
for MODULE in "${DISABLE_MODULES[@]}"; do
__rspamd__helper__enable_disable_module "${MODULE}" 'false'
done
@ -289,7 +290,7 @@ function __rspamd__handle_user_modules_adjustments() {
#
# @param ${1} = file name in ${RSPAMD_OVERRIDE_D}/
# @param ${2} = module name as it should appear in the log
# @patam ${3} = option name in the module
# @param ${3} = option name in the module
# @param ${4} = value of the option
#
# ## Note
@ -333,7 +334,6 @@ function __rspamd__handle_user_modules_adjustments() {
while read -r COMMAND ARGUMENT1 ARGUMENT2 ARGUMENT3; do
case "${COMMAND}" in
('disable-module')
__rspamd__helper__enable_disable_module "${ARGUMENT1}" 'false' 'override'
;;
@ -367,7 +367,6 @@ function __rspamd__handle_user_modules_adjustments() {
__rspamd__log 'warn' "Command '${COMMAND}' is invalid"
continue
;;
esac
done < <(_get_valid_lines_from_file "${RSPAMD_CUSTOM_COMMANDS_FILE}")
fi