
Remove indices from mailserver SQL schema and add send-only users.

Thomas Buck 5 gadus atpakaļ
vecāks
revīzija
50ca2d19b2

+ 6
- 7
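--- a/group_vars/sovereign
+++ b/group_vars/sovereign
@@ -11,28 +11,27 @@ admin_email: "{{ main_user_name }}@{{ domain }}"
 
 virtual_domains:
   - name: "{{ domain }}"
-    pk_id: 1
     doc_root: "/var/www/{{ domain }}"
 
 mail_virtual_users:
   - account: "{{ main_user_name }}"
     domain: "{{ domain }}"
-    password: "{{ 'changeme' | doveadm_pw_hash }}"
-    domain_pk_id: 1
+    password: "{{ lookup('password', secret + '/' + 'mail_main_user_password length=20') | doveadm_pw_hash }}"
+    sendonly: 0
+  - account: "noreply"
+    domain: "{{ domain }}"
+    password: "{{ lookup('password', secret + '/' + 'mail_noreply_password length=20') | doveadm_pw_hash }}"
+    sendonly: 1
 
 mail_virtual_aliases:
   - source: "root@{{ domain }}"
     destination: "{{ admin_email }}"
-    domain_pk_id: 1
   - source: "postmaster@{{ domain }}"
     destination: "{{ admin_email }}"
-    domain_pk_id: 1
   - source: "webmaster@{{ domain }}"
     destination: "{{ admin_email }}"
-    domain_pk_id: 1
   - source: "abuse@{{ domain }}"
     destination: "{{ admin_email }}"
-    domain_pk_id: 1
 
 common_timezone: 'Etc/UTC'
 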
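Review bot: The new `sendonly` key on the `mail_virtual_users` entries is undocumented, and since this file is the example inventory operators copy from, a one-line comment above the `noreply` entry would save a trip through the SQL and Dovecot templates to learn what it does: `# sendonly: 1 = no mailbox, excluded from Dovecot's passdb/userdb; Postfix rejects mail addressed to it`. It is also worth noting that `mail_noreply_password` is generated into the secrets directory exactly like the main user's password, so operators know where to find it if the account is ever meant to authenticate.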

+ 1
- 6
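--- a/roles/mailserver/defaults/main.yml
+++ b/roles/mailserver/defaults/main.yml
@@ -20,27 +20,22 @@ friendly_networks:
 
 virtual_domains:
   - name: "{{ domain }}"
-    pk_id: 1
     doc_root: "/var/www/{{ domain }}"
 
 mail_virtual_users:
   - account: "{{ main_user_name }}"
     domain: "{{ domain }}"
     password: "{{ lookup('password', secret + '/' + 'mail_main_user_password length=20') | doveadm_pw_hash }}"
-    domain_pk_id: 1
+    sendonly: 0
 
 mail_virtual_aliases:
   - source: "root@{{ domain }}"
     destination: "{{ admin_email }}"
-    domain_pk_id: 1
   - source: "postmaster@{{ domain }}"
     destination: "{{ admin_email }}"
-    domain_pk_id: 1
   - source: "webmaster@{{ domain }}"
     destination: "{{ admin_email }}"
-    domain_pk_id: 1
   - source: "abuse@{{ domain }}"
     destination: "{{ admin_email }}"
-    domain_pk_id: 1
 
 zpush_timezone: "{{ common_timezone | default('Etc/UTC') }}"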

+ 1
- 0
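--- a/roles/mailserver/files/etc_postfix_master.cf
+++ b/roles/mailserver/files/etc_postfix_master.cf
@@ -20,6 +20,7 @@ submission inet  n       -       -       -       -       smtpd
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
  -o smtpd_sasl_security_options=noanonymous,noplaintext
  -o smtpd_sasl_tls_security_options=noanonymous
+  -o smtpd_sender_login_maps=pgsql:/etc/postfix/pgsql-sender-login-maps.cf
 
 # SMTP over SSL/TLS on port 465.
 #smtps     inet  n       -       -       -       -       smtpd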
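Review bot: Setting `smtpd_sender_login_maps` on the submission service does not by itself stop an authenticated account from using someone else's address as envelope sender; Postfix only consults this map when a `reject_sender_login_mismatch`-family restriction is evaluated, and no such restriction is added here. Unless the submission stanza's `smtpd_sender_restrictions` (outside this hunk) already contains one, add `-o smtpd_sender_restrictions=reject_sender_login_mismatch,permit_sasl_authenticated,reject` next to the new line, otherwise the `noreply` login can still submit mail as `{{ main_user_name }}@{{ domain }}`. A short comment on the new line saying which restriction uses the map would make the dependency visible to the next reader.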

+ 2
- 0
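--- a/roles/mailserver/tasks/postfix.yml
+++ b/roles/mailserver/tasks/postfix.yml
@@ -89,6 +89,8 @@
    - pgsql-virtual-alias-maps.cf
    - pgsql-virtual-mailbox-domains.cf
    - pgsql-virtual-mailbox-maps.cf
+    - pgsql-recipient-access.cf
+    - pgsql-sender-login-maps.cf
   notify: restart postfix
 
 - name: Set firewall rules for postfix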

+ 3
- 1
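--- a/roles/mailserver/templates/etc_dovecot_dovecot-sql.conf.ext.j2
+++ b/roles/mailserver/templates/etc_dovecot_dovecot-sql.conf.ext.j2
@@ -103,7 +103,7 @@ default_pass_scheme = SHA512-CRYPT
 #  SELECT username, domain, password \
 #  FROM users WHERE username = '%n' AND domain = '%d'
 
-password_query = SELECT email AS user, password FROM virtual_users WHERE email = '%u';
+password_query = SELECT username AS user, domain, password FROM virtual_users WHERE username = '%n' AND domain = '%d' and sendonly = false;
 
 # userdb query to retrieve the user information. It can return fields:
 #   uid - System UID (overrides mail_uid setting)
@@ -136,3 +136,5 @@ password_query = SELECT email AS user, password FROM virtual_users WHERE email =
 
 # Query to get a list of all usernames.
 #iterate_query = SELECT username AS user FROM users
+
+iterate_query = SELECT username, domain FROM virtual_users WHERE sendonly = false;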
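Review bot: Filtering `password_query` with `and sendonly = false` means a send-only account can never authenticate, which defeats the purpose of giving `noreply` a generated password: if the Postfix submission service authenticates through Dovecot SASL (the `permit_sasl_authenticated` in master.cf suggests it does, though the SASL type is not visible here), `noreply` is refused at SMTP AUTH as well as at IMAP. The send-only restriction belongs in the userdb lookup — `user_query`, outside this hunk — together with `iterate_query`, so the account can log in to send but owns no mailbox; the passdb line then becomes `password_query = SELECT username AS user, domain, password FROM virtual_users WHERE username = '%n' AND domain = '%d';`. If the intent really is that send-only accounts never authenticate, say so in a comment above the query and drop the password generation for them in group_vars.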

+ 1
- 1
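--- a/roles/mailserver/templates/etc_postfix_main.cf.j2
+++ b/roles/mailserver/templates/etc_postfix_main.cf.j2
@@ -72,7 +72,7 @@ smtpd_recipient_restrictions =
  reject_non_fqdn_hostname,
  reject_non_fqdn_recipient,
  reject_unknown_recipient_domain,
-  permit
+  check_recipient_access pgsql:/etc/postfix/pgsql-recipient-access.cf
 
 # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
 # information on enabling SSL in the smtp client.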
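Review bot: Replacing the trailing `permit` with `check_recipient_access` only rejects mail to send-only accounts from clients that get this far down `smtpd_recipient_restrictions`; if `permit_mynetworks` or `permit_sasl_authenticated` appear earlier in the list (its head is outside this hunk), local and authenticated senders can still address `noreply@`. Move the `check_recipient_access pgsql:/etc/postfix/pgsql-recipient-access.cf` entry ahead of those permits if the rejection is meant to be unconditional. For every other recipient behaviour is unchanged, because a lookup that returns no row falls through to Postfix's implicit permit at the end of the list — a comment on the line saying `# rejects send-only accounts; no match falls through to the implicit permit` would stop the next reader from re-adding `permit`.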

+ 5
- 0
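--- /dev/null
+++ b/roles/mailserver/templates/etc_postfix_pgsql-recipient-access.cf.j2
@@ -0,0 +1,5 @@
+user = {{ mail_db_username }}
+password = {{ mail_db_password }}
+hosts = 127.0.0.1
+dbname = {{ mail_db_database }}
+query = SELECT CASE WHEN sendonly = true THEN 'REJECT' ELSE 'OK' END AS access FROM virtual_users WHERE username = '%u' and domain = '%d';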

+ 5
- 0
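--- /dev/null
+++ b/roles/mailserver/templates/etc_postfix_pgsql-sender-login-maps.cf.j2
@@ -0,0 +1,5 @@
+user = {{ mail_db_username }}
+password = {{ mail_db_password }}
+hosts = 127.0.0.1
+dbname = {{ mail_db_database }}
+query = SELECT concat(username, '@', domain) AS 'owns' FROM virtual_users WHERE username = '%u' AND domain = '%d' UNION SELECT destination AS 'owns' FROM virtual_aliases WHERE source = concat('%u', '@', '%d');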
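Review bot: `AS 'owns'` is a syntax error in PostgreSQL — a column alias must be an identifier (bare or double-quoted), not a string literal — so every lookup through this map will fail with a database error, and Postfix treats a failing `smtpd_sender_login_maps` lookup as a temporary error (`451 4.3.0 ... Temporary lookup failure`) rather than a permit, which would defer every authenticated submission as soon as a sender-login-mismatch restriction is enabled. Use a plain alias, and `UNION ALL` since the two branches cannot overlap and the dedup sort buys nothing: `query = SELECT concat(username, '@', domain) AS owns FROM virtual_users WHERE username = '%u' AND domain = '%d' UNION ALL SELECT destination AS owns FROM virtual_aliases WHERE source = concat('%u', '@', '%d');`. A one-line comment above the query noting that the second branch lets the alias's destination login send as the alias would document the intent.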

+ 1
- 1
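--- a/roles/mailserver/templates/etc_postfix_pgsql-virtual-mailbox-maps.cf.j2
+++ b/roles/mailserver/templates/etc_postfix_pgsql-virtual-mailbox-maps.cf.j2
@@ -2,4 +2,4 @@ user = {{ mail_db_username }}
 password = {{ mail_db_password }}
 hosts = 127.0.0.1
 dbname = {{ mail_db_database }}
-query = SELECT 1 FROM virtual_users WHERE email='%s'
+query = SELECT 1 FROM virtual_users WHERE username = '%u' and domain = '%d'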
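Review bot: This map still answers `1` for send-only accounts, so Postfix keeps treating `noreply@{{ domain }}` as a deliverable mailbox and the only thing keeping mail out of it is the `check_recipient_access` rule in `smtpd_recipient_restrictions`, which is skipped by any restriction that permits earlier and by delivery paths that never pass through smtpd (local submission via sendmail/pickup, alias expansion). Adding the same filter here makes the address unknown to the virtual transport, so it is rejected or bounced whichever path the message took: `query = SELECT 1 FROM virtual_users WHERE username = '%u' AND domain = '%d' AND sendonly = false`. The recipient-access map can stay as the earlier, explicit rejection; this is the defence-in-depth layer behind it.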

+ 17
- 16
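--- a/roles/mailserver/templates/mailserver.sql.j2
+++ b/roles/mailserver/templates/mailserver.sql.j2
@@ -14,44 +14,45 @@ CREATE UNIQUE INDEX name_idx ON virtual_domains (name);
 
 CREATE TABLE IF NOT EXISTS "virtual_users" (
        "id" SERIAL,
-        "domain_id" int NOT NULL,
+        "username" TEXT NOT NULL,
+        "domain" TEXT NOT NULL,
        "password" TEXT NOT NULL,
-        "email" TEXT NOT NULL UNIQUE,
-        PRIMARY KEY ("id"),
-        FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
+        "sendonly" boolean DEFAULT FALSE,
+        PRIMARY KEY ("id")
 );
 
-
-CREATE UNIQUE INDEX email_idx ON virtual_users (email);
+CREATE UNIQUE INDEX email_idx ON virtual_users (username, domain);
 
 CREATE TABLE IF NOT EXISTS "virtual_aliases" (
        "id" SERIAL,
-        "domain_id" int NOT NULL,
        "source" TEXT NOT NULL,
        "destination" TEXT NOT NULL,
-        PRIMARY KEY ("id"),
-        FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
+        PRIMARY KEY ("id")
 );
 
 CREATE INDEX source_idx ON virtual_aliases (source);
 
 {% for virtual_domain in virtual_domains %}
-INSERT INTO "virtual_domains" ("id", "name")
-        VALUES ('{{ virtual_domain.pk_id }}', '{{ virtual_domain.name }}');
+INSERT INTO "virtual_domains" ("name")
+        VALUES ('{{ virtual_domain.name }}');
 {% endfor %}
 
 {% for virtual_user in mail_virtual_users %}
-INSERT INTO "virtual_users"  ("domain_id", "password" , "email")
+INSERT INTO "virtual_users"  ("username", "domain", "password" , "sendonly")
 	VALUES (
-		'{{ virtual_user.domain_pk_id }}',
+		'{{ virtual_user.account }}',
+		'{{ virtual_user.domain }}',
 		'{{ virtual_user.password }}',
-		'{{ virtual_user.account }}@{{ virtual_user.domain }}'
+		'{{ virtual_user.sendonly }}'
 	);
 {% endfor %}
 
 {% if mail_virtual_aliases is defined %}
 {% for virtual_alias in mail_virtual_aliases %}
-INSERT INTO "virtual_aliases" ("domain_id", "source", "destination")
-    VALUES ('{{ virtual_alias.domain_pk_id }}', '{{ virtual_alias.source }}', '{{virtual_alias.destination }}');
+INSERT INTO "virtual_aliases" ("source", "destination")
+    VALUES (
+        '{{ virtual_alias.source }}',
+        '{{ virtual_alias.destination }}'
+    );
 {% endfor %}
 {% endif %}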
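Review bot: `'{{ virtual_user.sendonly }}'` assumes every entry in `mail_virtual_users` carries the new key; an inventory written against the previous layout (`account`, `domain`, `password` only) now fails to render with an undefined-variable error, and under a non-strict Jinja setting would emit `''`, which PostgreSQL rejects as a boolean literal. Defaulting it keeps old inventories working and matches the column's `DEFAULT FALSE`: `'{{ virtual_user.sendonly | default(0) }}'` (PostgreSQL accepts `'0'`/`'1'` as boolean input, so the quoted form is fine). Dropping the foreign keys also removes the only check that a user's `domain` names a row in `virtual_domains`, so a typo silently creates an account Postfix never accepts mail for; since `name_idx` is unique, `FOREIGN KEY (domain) REFERENCES virtual_domains(name) ON DELETE CASCADE` restores that guard without reintroducing the hard-coded `pk_id` values.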
