summaryrefslogtreecommitdiff
path: root/postfix
diff options
context:
space:
mode:
authorJonas Smedegaard <dr@jones.dk>2008-05-25 16:15:01 +0000
committerJonas Smedegaard <dr@jones.dk>2008-05-25 16:15:01 +0000
commit7f7086e0679639396dd1660d57602a03e51dc680 (patch)
tree42624a6fdffb59ad8126158600566e3c470568ea /postfix
parente1406e97cb1ae686f4100f5076999cae58b7cfee (diff)
Add support for DKIMproxy.
Diffstat (limited to 'postfix')
-rwxr-xr-xpostfix/postfix.sh24
-rw-r--r--postfix/smtpd_sender_restrictions3
2 files changed, 24 insertions, 3 deletions
diff --git a/postfix/postfix.sh b/postfix/postfix.sh
index 88e52ed..05dc277 100755
--- a/postfix/postfix.sh
+++ b/postfix/postfix.sh
@@ -3,7 +3,7 @@
# /etc/local-COMMON/postfix/postfix.sh
# Copyright 2002-2007 Jonas Smedegaard <dr@jones.dk>
#
-# $Id: postfix.sh,v 1.68 2008-02-28 19:45:45 jonas Exp $
+# $Id: postfix.sh,v 1.69 2008-05-25 16:15:01 jonas Exp $
#
# Auto-tweak plain installed postfix Debian package
#
@@ -58,6 +58,13 @@ else
echo >&2 "WARNING: Encryption requires SSL certificate at /etc/ssl/certs/postfix.pem."
fi
+dkimproxy=
+if [ -x /usr/bin/dkimsign ]; then
+ dkimproxy=1
+else
+ echo >&2 "WARNING: Avoiding DKIMproxy setup: not installed or fully configured."
+fi
+
catfilefromownrealm() {
file="$1"
[ -d "$realmsdir" ] || exit 0
@@ -149,6 +156,15 @@ $postconf -c "$tempdir" -e "`getlinesfromfile smtpd_sender_restrictions reject_r
$postconf -c "$tempdir" -e "`getlinesfromfile smtpd_recipient_restrictions reject_maps_rbl=reject_rbl_client=maps_rbl_domains`"
$postconf -c "$tempdir" -e "`getlinesfromfile smtpd_data_restrictions`"
+if [ -n "$dkimproxy" ]; then
+ [ -f "$tempdir/sender_access_regex" ] \
+ && grep -q -F '/^/ FILTER dkimsign:[127.0.0.1]:10026' "$tempdir/sender_access_regex" \
+ || echo '/^/ FILTER dkimsign:[127.0.0.1]:10026' >> "$tempdir/sender_access_regex"
+else
+ [ -f "$tempdir/sender_access_regex" ] \
+ || echo "touch \"$confdir/sender_access_regex\"" >> "$tempdir/COMMANDS"
+fi
+
# Support exceptions to default response
# (Day Old Bread (dob) lists need to reject only temporarily)
$postconf -c "$tempdir" -e "rbl_reply_maps = hash:$confdir/rbl_reply_map"
@@ -269,7 +285,11 @@ EOF
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
EOF
- $postconf -c "$tempdir" -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'
+ if [ -n "$dkimproxy" ]; then
+ $postconf -c "$tempdir" -e 'content_filter = smtp-amavis:[127.0.0.1]:10028'
+ else
+ $postconf -c "$tempdir" -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'
+ fi
fi
diff -ruN "$confdir" "$tempdir" || if [ $? -gt 1 ]; then exit $?; fi
diff --git a/postfix/smtpd_sender_restrictions b/postfix/smtpd_sender_restrictions
index 6a2aeba..6e27aa6 100644
--- a/postfix/smtpd_sender_restrictions
+++ b/postfix/smtpd_sender_restrictions
@@ -3,7 +3,7 @@
#
# Used by tweak script postfix.sh
#
-# $Id: smtpd_sender_restrictions,v 1.5 2007-07-13 11:23:57 jonas Exp $
+# $Id: smtpd_sender_restrictions,v 1.6 2008-05-25 16:15:01 jonas Exp $
#
permit_mynetworks # (needed to allow some Debian daemons send to localhost)
@@ -11,4 +11,5 @@ reject_non_fqdn_sender
reject_unknown_sender_domain
check_sender_access^hash:/etc/postfix/sender_access # FIXME: somehow only enable this if the file actually exist
reject_rhsbl_sender # Activate Realtime Hostbased Sender Blackhole Lists (with Postfix 2.x, expanded to content of file of same name)
+check_sender_access^regexp:/etc/postfix/sender_access_regex # DKIMproxy filter
permit