Browse Source

Remove indices from mailserver SQL schema and added send-only users.

Thomas Buck 5 years ago
parent
commit
50ca2d19b2

+ 6
- 7
group_vars/sovereign View File

11
 
11
 
12
 virtual_domains:
12
 virtual_domains:
13
   - name: "{{ domain }}"
13
   - name: "{{ domain }}"
14
-    pk_id: 1
15
     doc_root: "/var/www/{{ domain }}"
14
     doc_root: "/var/www/{{ domain }}"
16
 
15
 
17
 mail_virtual_users:
16
 mail_virtual_users:
18
   - account: "{{ main_user_name }}"
17
   - account: "{{ main_user_name }}"
19
     domain: "{{ domain }}"
18
     domain: "{{ domain }}"
20
-    password: "{{ 'changeme' | doveadm_pw_hash }}"
21
-    domain_pk_id: 1
19
+    password: "{{ lookup('password', secret + '/' + 'mail_main_user_password length=20') | doveadm_pw_hash }}"
20
+    sendonly: 0
21
+  - account: "noreply"
22
+    domain: "{{ domain }}"
23
+    password: "{{ lookup('password', secret + '/' + 'mail_noreply_password length=20') | doveadm_pw_hash }}"
24
+    sendonly: 1
22
 
25
 
23
 mail_virtual_aliases:
26
 mail_virtual_aliases:
24
   - source: "root@{{ domain }}"
27
   - source: "root@{{ domain }}"
25
     destination: "{{ admin_email }}"
28
     destination: "{{ admin_email }}"
26
-    domain_pk_id: 1
27
   - source: "postmaster@{{ domain }}"
29
   - source: "postmaster@{{ domain }}"
28
     destination: "{{ admin_email }}"
30
     destination: "{{ admin_email }}"
29
-    domain_pk_id: 1
30
   - source: "webmaster@{{ domain }}"
31
   - source: "webmaster@{{ domain }}"
31
     destination: "{{ admin_email }}"
32
     destination: "{{ admin_email }}"
32
-    domain_pk_id: 1
33
   - source: "abuse@{{ domain }}"
33
   - source: "abuse@{{ domain }}"
34
     destination: "{{ admin_email }}"
34
     destination: "{{ admin_email }}"
35
-    domain_pk_id: 1
36
 
35
 
37
 common_timezone: 'Etc/UTC'
36
 common_timezone: 'Etc/UTC'
38
 
37
 

+ 1
- 6
roles/mailserver/defaults/main.yml View File

20
 
20
 
21
 virtual_domains:
21
 virtual_domains:
22
   - name: "{{ domain }}"
22
   - name: "{{ domain }}"
23
-    pk_id: 1
24
     doc_root: "/var/www/{{ domain }}"
23
     doc_root: "/var/www/{{ domain }}"
25
 
24
 
26
 mail_virtual_users:
25
 mail_virtual_users:
27
   - account: "{{ main_user_name }}"
26
   - account: "{{ main_user_name }}"
28
     domain: "{{ domain }}"
27
     domain: "{{ domain }}"
29
     password: "{{ lookup('password', secret + '/' + 'mail_main_user_password length=20') | doveadm_pw_hash }}"
28
     password: "{{ lookup('password', secret + '/' + 'mail_main_user_password length=20') | doveadm_pw_hash }}"
30
-    domain_pk_id: 1
29
+    sendonly: 0
31
 
30
 
32
 mail_virtual_aliases:
31
 mail_virtual_aliases:
33
   - source: "root@{{ domain }}"
32
   - source: "root@{{ domain }}"
34
     destination: "{{ admin_email }}"
33
     destination: "{{ admin_email }}"
35
-    domain_pk_id: 1
36
   - source: "postmaster@{{ domain }}"
34
   - source: "postmaster@{{ domain }}"
37
     destination: "{{ admin_email }}"
35
     destination: "{{ admin_email }}"
38
-    domain_pk_id: 1
39
   - source: "webmaster@{{ domain }}"
36
   - source: "webmaster@{{ domain }}"
40
     destination: "{{ admin_email }}"
37
     destination: "{{ admin_email }}"
41
-    domain_pk_id: 1
42
   - source: "abuse@{{ domain }}"
38
   - source: "abuse@{{ domain }}"
43
     destination: "{{ admin_email }}"
39
     destination: "{{ admin_email }}"
44
-    domain_pk_id: 1
45
 
40
 
46
 zpush_timezone: "{{ common_timezone | default('Etc/UTC') }}"
41
 zpush_timezone: "{{ common_timezone | default('Etc/UTC') }}"

+ 1
- 0
roles/mailserver/files/etc_postfix_master.cf View File

20
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
20
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
21
   -o smtpd_sasl_security_options=noanonymous,noplaintext
21
   -o smtpd_sasl_security_options=noanonymous,noplaintext
22
   -o smtpd_sasl_tls_security_options=noanonymous
22
   -o smtpd_sasl_tls_security_options=noanonymous
23
+  -o smtpd_sender_login_maps=pgsql:/etc/postfix/pgsql-sender-login-maps.cf
23
 
24
 
24
 # SMTP over SSL/TLS on port 465.
25
 # SMTP over SSL/TLS on port 465.
25
 #smtps     inet  n       -       -       -       -       smtpd
26
 #smtps     inet  n       -       -       -       -       smtpd

+ 2
- 0
roles/mailserver/tasks/postfix.yml View File

89
     - pgsql-virtual-alias-maps.cf
89
     - pgsql-virtual-alias-maps.cf
90
     - pgsql-virtual-mailbox-domains.cf
90
     - pgsql-virtual-mailbox-domains.cf
91
     - pgsql-virtual-mailbox-maps.cf
91
     - pgsql-virtual-mailbox-maps.cf
92
+    - pgsql-recipient-access.cf
93
+    - pgsql-sender-login-maps.cf
92
   notify: restart postfix
94
   notify: restart postfix
93
 
95
 
94
 - name: Set firewall rules for postfix
96
 - name: Set firewall rules for postfix

+ 3
- 1
roles/mailserver/templates/etc_dovecot_dovecot-sql.conf.ext.j2 View File

103
 #  SELECT username, domain, password \
103
 #  SELECT username, domain, password \
104
 #  FROM users WHERE username = '%n' AND domain = '%d'
104
 #  FROM users WHERE username = '%n' AND domain = '%d'
105
 
105
 
106
-password_query = SELECT email AS user, password FROM virtual_users WHERE email = '%u';
106
+password_query = SELECT username AS user, domain, password FROM virtual_users WHERE username = '%n' AND domain = '%d' and sendonly = false;
107
 
107
 
108
 # userdb query to retrieve the user information. It can return fields:
108
 # userdb query to retrieve the user information. It can return fields:
109
 #   uid - System UID (overrides mail_uid setting)
109
 #   uid - System UID (overrides mail_uid setting)
136
 
136
 
137
 # Query to get a list of all usernames.
137
 # Query to get a list of all usernames.
138
 #iterate_query = SELECT username AS user FROM users
138
 #iterate_query = SELECT username AS user FROM users
139
+
140
+iterate_query = SELECT username, domain FROM virtual_users WHERE sendonly = false;

+ 1
- 1
roles/mailserver/templates/etc_postfix_main.cf.j2 View File

72
   reject_non_fqdn_hostname,
72
   reject_non_fqdn_hostname,
73
   reject_non_fqdn_recipient,
73
   reject_non_fqdn_recipient,
74
   reject_unknown_recipient_domain,
74
   reject_unknown_recipient_domain,
75
-  permit
75
+  check_recipient_access pgsql:/etc/postfix/pgsql-recipient-access.cf
76
 
76
 
77
 # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
77
 # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
78
 # information on enabling SSL in the smtp client.
78
 # information on enabling SSL in the smtp client.

+ 5
- 0
roles/mailserver/templates/etc_postfix_pgsql-recipient-access.cf.j2 View File

1
+user = {{ mail_db_username }}
2
+password = {{ mail_db_password }}
3
+hosts = 127.0.0.1
4
+dbname = {{ mail_db_database }}
5
+query = SELECT CASE WHEN sendonly = true THEN 'REJECT' ELSE 'OK' END AS access FROM virtual_users WHERE username = '%u' and domain = '%d';

+ 5
- 0
roles/mailserver/templates/etc_postfix_pgsql-sender-login-maps.cf.j2 View File

1
+user = {{ mail_db_username }}
2
+password = {{ mail_db_password }}
3
+hosts = 127.0.0.1
4
+dbname = {{ mail_db_database }}
5
+query = SELECT concat(username, '@', domain) AS 'owns' FROM virtual_users WHERE username = '%u' AND domain = '%d' UNION SELECT destination AS 'owns' FROM virtual_aliases WHERE source = concat('%u', '@', '%d');

+ 1
- 1
roles/mailserver/templates/etc_postfix_pgsql-virtual-mailbox-maps.cf.j2 View File

2
 password = {{ mail_db_password }}
2
 password = {{ mail_db_password }}
3
 hosts = 127.0.0.1
3
 hosts = 127.0.0.1
4
 dbname = {{ mail_db_database }}
4
 dbname = {{ mail_db_database }}
5
-query = SELECT 1 FROM virtual_users WHERE email='%s'
5
+query = SELECT 1 FROM virtual_users WHERE username = '%u' and domain = '%d'

+ 17
- 16
roles/mailserver/templates/mailserver.sql.j2 View File

14
 
14
 
15
 CREATE TABLE IF NOT EXISTS "virtual_users" (
15
 CREATE TABLE IF NOT EXISTS "virtual_users" (
16
         "id" SERIAL,
16
         "id" SERIAL,
17
-        "domain_id" int NOT NULL,
17
+        "username" TEXT NOT NULL,
18
+        "domain" TEXT NOT NULL,
18
         "password" TEXT NOT NULL,
19
         "password" TEXT NOT NULL,
19
-        "email" TEXT NOT NULL UNIQUE,
20
-        PRIMARY KEY ("id"),
21
-        FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
20
+        "sendonly" boolean DEFAULT FALSE,
21
+        PRIMARY KEY ("id")
22
 );
22
 );
23
 
23
 
24
-
25
-CREATE UNIQUE INDEX email_idx ON virtual_users (email);
24
+CREATE UNIQUE INDEX email_idx ON virtual_users (username, domain);
26
 
25
 
27
 CREATE TABLE IF NOT EXISTS "virtual_aliases" (
26
 CREATE TABLE IF NOT EXISTS "virtual_aliases" (
28
         "id" SERIAL,
27
         "id" SERIAL,
29
-        "domain_id" int NOT NULL,
30
         "source" TEXT NOT NULL,
28
         "source" TEXT NOT NULL,
31
         "destination" TEXT NOT NULL,
29
         "destination" TEXT NOT NULL,
32
-        PRIMARY KEY ("id"),
33
-        FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
30
+        PRIMARY KEY ("id")
34
 );
31
 );
35
 
32
 
36
 CREATE INDEX source_idx ON virtual_aliases (source);
33
 CREATE INDEX source_idx ON virtual_aliases (source);
37
 
34
 
38
 {% for virtual_domain in virtual_domains %}
35
 {% for virtual_domain in virtual_domains %}
39
-INSERT INTO "virtual_domains" ("id", "name")
40
-        VALUES ('{{ virtual_domain.pk_id }}', '{{ virtual_domain.name }}');
36
+INSERT INTO "virtual_domains" ("name")
37
+        VALUES ('{{ virtual_domain.name }}');
41
 {% endfor %}
38
 {% endfor %}
42
 
39
 
43
 {% for virtual_user in mail_virtual_users %}
40
 {% for virtual_user in mail_virtual_users %}
44
-INSERT INTO "virtual_users"  ("domain_id", "password" , "email")
41
+INSERT INTO "virtual_users"  ("username", "domain", "password" , "sendonly")
45
 	VALUES (
42
 	VALUES (
46
-		'{{ virtual_user.domain_pk_id }}',
43
+		'{{ virtual_user.account }}',
44
+		'{{ virtual_user.domain }}',
47
 		'{{ virtual_user.password }}',
45
 		'{{ virtual_user.password }}',
48
-		'{{ virtual_user.account }}@{{ virtual_user.domain }}'
46
+		'{{ virtual_user.sendonly }}'
49
 	);
47
 	);
50
 {% endfor %}
48
 {% endfor %}
51
 
49
 
52
 {% if mail_virtual_aliases is defined %}
50
 {% if mail_virtual_aliases is defined %}
53
 {% for virtual_alias in mail_virtual_aliases %}
51
 {% for virtual_alias in mail_virtual_aliases %}
54
-INSERT INTO "virtual_aliases" ("domain_id", "source", "destination")
55
-    VALUES ('{{ virtual_alias.domain_pk_id }}', '{{ virtual_alias.source }}', '{{virtual_alias.destination }}');
52
+INSERT INTO "virtual_aliases" ("source", "destination")
53
+    VALUES (
54
+        '{{ virtual_alias.source }}',
55
+        '{{ virtual_alias.destination }}'
56
+    );
56
 {% endfor %}
57
 {% endfor %}
57
 {% endif %}
58
 {% endif %}

Loading…
Cancel
Save