use postfix proxymap server for all mysql lookup tables. fixes #5472

jnorell · jnorell · commit 0cd9a9310cb7 · 2020-08-19T09:47:18.000-06:00
diff --git a/install/tpl/debian_postfix.conf.master b/install/tpl/debian_postfix.conf.master
@@ -5,8 +5,8 @@ virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:{co
 virtual_mailbox_domains = proxy:mysql:{config_dir}/mysql-virtual_domains.cf
 virtual_mailbox_maps = proxy:mysql:{config_dir}/mysql-virtual_mailboxes.cf
 virtual_mailbox_base = {vmail_mailbox_base}
-virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
-virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
+virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf
+virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf
 sender_bcc_maps = proxy:mysql:{config_dir}/mysql-virtual_outgoing_bcc.cf
 inet_protocols=all
 inet_interfaces = all
@@ -21,14 +21,14 @@ smtpd_tls_security_level = may
 smtpd_tls_cert_file = {config_dir}/smtpd.cert
 smtpd_tls_key_file = {config_dir}/smtpd.key
 transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:{config_dir}/mysql-virtual_transports.cf
-relay_domains = mysql:{config_dir}/mysql-virtual_relaydomains.cf
-relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
+relay_domains = proxy:mysql:{config_dir}/mysql-virtual_relaydomains.cf
+relay_recipient_maps = proxy:mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
 smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
-proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $smtpd_recipient_restrictions
+proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions
 smtpd_helo_required = yes
 smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
-smtpd_sender_restrictions = {reject_slm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf
-smtpd_client_restrictions = check_client_access mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
+smtpd_sender_restrictions =  {reject_slm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf
+smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
 smtpd_etrn_restrictions = permit_mynetworks, reject
 smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
 smtpd_client_message_rate_limit = 100
diff --git a/install/tpl/fedora_postfix.conf.master b/install/tpl/fedora_postfix.conf.master
@@ -3,8 +3,8 @@ virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:{co
 virtual_mailbox_domains = proxy:mysql:{config_dir}/mysql-virtual_domains.cf
 virtual_mailbox_maps = proxy:mysql:{config_dir}/mysql-virtual_mailboxes.cf
 virtual_mailbox_base = {vmail_mailbox_base}
-virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
-virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
+virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf
+virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf
 sender_bcc_maps = proxy:mysql:{config_dir}/mysql-virtual_outgoing_bcc.cf
 smtpd_sasl_auth_enable = yes
 broken_sasl_auth_clients = yes
@@ -17,14 +17,14 @@ smtpd_tls_security_level = may
 smtpd_tls_cert_file = {config_dir}/smtpd.cert
 smtpd_tls_key_file = {config_dir}/smtpd.key
 transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:{config_dir}/mysql-virtual_transports.cf
-relay_domains = mysql:{config_dir}/mysql-virtual_relaydomains.cf
-relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
+relay_domains = proxy:mysql:{config_dir}/mysql-virtual_relaydomains.cf
+relay_recipient_maps = proxy:mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
 smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
-proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $smtpd_recipient_restrictions
+proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions
 smtpd_helo_required = yes
 smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
-smtpd_sender_restrictions = {reject_slm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf
-smtpd_client_restrictions = check_client_access mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
+smtpd_sender_restrictions =  {reject_slm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf
+smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
 smtpd_etrn_restrictions = permit_mynetworks, reject
 smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
 smtpd_client_message_rate_limit = 100
diff --git a/install/tpl/gentoo_postfix.conf.master b/install/tpl/gentoo_postfix.conf.master
@@ -3,8 +3,8 @@ virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:{co
 virtual_mailbox_domains = proxy:mysql:{config_dir}/mysql-virtual_domains.cf
 virtual_mailbox_maps = proxy:mysql:{config_dir}/mysql-virtual_mailboxes.cf
 virtual_mailbox_base = {vmail_mailbox_base}
-virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
-virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
+virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf
+virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf
 smtpd_sasl_auth_enable = yes
 broken_sasl_auth_clients = yes
 smtpd_sasl_authenticated_header = yes
@@ -16,14 +16,14 @@ smtpd_tls_security_level = may
 smtpd_tls_cert_file = {config_dir}/smtpd.cert
 smtpd_tls_key_file = {config_dir}/smtpd.key
 transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:{config_dir}/mysql-virtual_transports.cf
-relay_domains = mysql:{config_dir}/mysql-virtual_relaydomains.cf
-relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
+relay_domains = proxy:mysql:{config_dir}/mysql-virtual_relaydomains.cf
+relay_recipient_maps = proxy:mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
 smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
-proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $smtpd_recipient_restrictions
+proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions
 smtpd_helo_required = yes
 smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
-smtpd_sender_restrictions = {reject_slm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf
-smtpd_client_restrictions = check_client_access mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
+smtpd_sender_restrictions =  {reject_slm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf
+smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
 smtpd_etrn_restrictions = permit_mynetworks, reject
 smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
 smtpd_client_message_rate_limit = 100
diff --git a/install/tpl/opensuse_postfix.conf.master b/install/tpl/opensuse_postfix.conf.master
@@ -5,8 +5,8 @@ virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:{co
 virtual_mailbox_domains = proxy:mysql:{config_dir}/mysql-virtual_domains.cf
 virtual_mailbox_maps = proxy:mysql:{config_dir}/mysql-virtual_mailboxes.cf
 virtual_mailbox_base = {vmail_mailbox_base}
-virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
-virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
+virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf
+virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf
 sender_bcc_maps = proxy:mysql:{config_dir}/mysql-virtual_outgoing_bcc.cf
 smtpd_sasl_auth_enable = yes
 broken_sasl_auth_clients = yes
@@ -19,14 +19,14 @@ smtpd_tls_security_level = may
 smtpd_tls_cert_file = {config_dir}/smtpd.cert
 smtpd_tls_key_file = {config_dir}/smtpd.key
 transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:{config_dir}/mysql-virtual_transports.cf
-relay_domains = mysql:{config_dir}/mysql-virtual_relaydomains.cf
-relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
+relay_domains = proxy:mysql:{config_dir}/mysql-virtual_relaydomains.cf
+relay_recipient_maps = proxy:mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
 smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
-proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $smtpd_recipient_restrictions
+proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions
 smtpd_helo_required = yes
 smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
-smtpd_sender_restrictions = {reject_slm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf
-smtpd_client_restrictions = check_client_access mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
+smtpd_sender_restrictions =  {reject_slm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf
+smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
 smtpd_etrn_restrictions = permit_mynetworks, reject
 smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
 smtpd_client_message_rate_limit = 100
diff --git a/server/plugins-available/postfix_server_plugin.inc.php b/server/plugins-available/postfix_server_plugin.inc.php
@@ -338,7 +338,7 @@ function update($event_name, $data) {
 				exec("postconf -e 'milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}'");
 				exec("postconf -e 'milter_default_action = accept'");
 
-				exec("postconf -e 'smtpd_sender_restrictions = ${rslm} permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf'");
+				exec("postconf -e 'smtpd_sender_restrictions = ${rslm} permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf'");
 				
 				$new_options = array();
 				$options = preg_split("/,\s*/", exec("postconf -h smtpd_recipient_restrictions"));
@@ -376,7 +376,7 @@ function update($event_name, $data) {
 				exec("postconf -e 'content_filter = " . ($configure_lmtp ? "lmtp" : "amavis" ) . ":[127.0.0.1]:10024'");
 
 				// fixme: should read this from conf templates
-				exec("postconf -e 'smtpd_sender_restrictions = ${rslm} check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:/etc/postfix/tag_as_foreign.re, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf'");
+				exec("postconf -e 'smtpd_sender_restrictions = ${rslm} check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:/etc/postfix/tag_as_foreign.re, check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf'");
 			}
 		}
 		

Original file line number	Diff line number	Diff line change
`@@ -338,7 +338,7 @@ function update($event_name, $data) {`
`338`	`338`	`exec("postconf -e 'milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}'");`
`339`	`339`	`exec("postconf -e 'milter_default_action = accept'");`
`340`	`340`
`341`		`- exec("postconf -e 'smtpd_sender_restrictions = ${rslm} permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf'");`
	`341`	`+ exec("postconf -e 'smtpd_sender_restrictions = ${rslm} permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf'");`
`342`	`342`
`343`	`343`	`$new_options = array();`
`344`	`344`	`$options = preg_split("/,\s*/", exec("postconf -h smtpd_recipient_restrictions"));`
`@@ -376,7 +376,7 @@ function update($event_name, $data) {`
`376`	`376`	`exec("postconf -e 'content_filter = " . ($configure_lmtp ? "lmtp" : "amavis" ) . ":[127.0.0.1]:10024'");`
`377`	`377`
`378`	`378`	`// fixme: should read this from conf templates`
`379`		`- exec("postconf -e 'smtpd_sender_restrictions = ${rslm} check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:/etc/postfix/tag_as_foreign.re, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf'");`
	`379`	`+ exec("postconf -e 'smtpd_sender_restrictions = ${rslm} check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:/etc/postfix/tag_as_foreign.re, check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf'");`
`380`	`380`	`}`
`381`	`381`	`}`
`382`	`382`