From 870125b28b0b728890c8da1db42d48b89ba60ce6 Mon Sep 17 00:00:00 2001 From: "root@culturestrings" Date: Sat, 29 Aug 2020 00:38:33 +0000 Subject: postfix: submission port (client certs required): opendkim integration. --- public/fs/etc/postfix/header_checks_submission-in.sh | 13 +++++++++++++ public/fs/etc/postfix/header_checks_submission.in | 1 + public/fs/etc/postfix/master.cf | 7 +++++++ 3 files changed, 21 insertions(+) create mode 100755 public/fs/etc/postfix/header_checks_submission-in.sh create mode 100644 public/fs/etc/postfix/header_checks_submission.in diff --git a/public/fs/etc/postfix/header_checks_submission-in.sh b/public/fs/etc/postfix/header_checks_submission-in.sh new file mode 100755 index 0000000..1eb82bb --- /dev/null +++ b/public/fs/etc/postfix/header_checks_submission-in.sh @@ -0,0 +1,13 @@ +#!/bin/sh + +set -eu + +sitezone="$1" + +cfg_script="$0" +cfg_srcdir=$(cd -- "${cfg_script%/*}/" ; pwd -P) + +source /root/config/private/config/hostinfo/${sitezone} + +sed -e 's/@mailhost@/'"${mailhost}"'/g' \ + "${cfg_srcdir}/header_checks_submission.in" diff --git a/public/fs/etc/postfix/header_checks_submission.in b/public/fs/etc/postfix/header_checks_submission.in new file mode 100644 index 0000000..0d16987 --- /dev/null +++ b/public/fs/etc/postfix/header_checks_submission.in @@ -0,0 +1 @@ +/^Received: from (.*) \((.*) \[(.*)\]\)(.*)/ REPLACE Received: from 127.0.0.1 (@mailhost@ [127.0.0.1])$4 diff --git a/public/fs/etc/postfix/master.cf b/public/fs/etc/postfix/master.cf index 3029630..db25f9d 100644 --- a/public/fs/etc/postfix/master.cf +++ b/public/fs/etc/postfix/master.cf @@ -8,6 +8,10 @@ submission inet n - n - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_tls_req_ccert=yes -o smtpd_tls_auth_only=yes + -o smtpd_milters=unix:/var/spool/postfix/opendkim/submission.sock + -o non_smtpd_milters=unix:/var/spool/postfix/opendkim/submission.sock + -o milter_default_action=reject + -o cleanup_service_name=ascleanup smtp inet n - n - - smtpd smtp unix - - n - - smtp @@ -47,3 +51,6 @@ virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache + +ascleanup unix n - y - 0 cleanup + -o header_checks=pcre:/etc/postfix/header_checks_submission -- cgit v1.2.3