From 35e02a3d9bae04f15c2add66d89905df27ab0e65 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard
Date: Thu, 12 Jul 2007 19:25:09 +0000
Subject: Verify senders from known (other realms of same Redpill) domains. Rename param -> file in catfirstfile function.
---
 postfix/postfix.sh | 29 +++++++++++++++++++++++++----
 1 file changed, 25 insertions(+), 4 deletions(-)
(limited to 'postfix')
diff --git a/postfix/postfix.sh b/postfix/postfix.sh
index 8f8459b..5a79969 100755
--- a/postfix/postfix.sh
+++ b/postfix/postfix.sh
@@ -3,7 +3,7 @@
 # /etc/local-COMMON/postfix/postfix.sh
 # Copyright 2002-2007 Jonas Smedegaard
 #
-# $Id: postfix.sh,v 1.48 2007-07-12 18:59:06 jonas Exp $
+# $Id: postfix.sh,v 1.49 2007-07-12 19:25:09 jonas Exp $
 #
 # Auto-tweak plain installed postfix Debian package
 #
@@ -15,6 +15,7 @@ set -e
+realmsdir='/etc/local-REDPILL'
 configdirs='/etc/local/postfix /etc/local-ORG/postfix /etc/local-REDPILL/postfix /etc/local-COMMON/postfix'
 confdir='/etc/postfix'
 postconf=/usr/sbin/postconf
@@ -23,6 +24,9 @@ if ! $postconf -d mail_version | grep -q '= 2\.2'; then
 echo "ERROR: Bad postfix version - this script is known to work only for postfix 2.2"
 exit 1
 fi
+if ! [ -d "$realmsdir" ]; then
+ echo "WARNING: Realms directory \"$realmsdir\" does not exist."
+fi
 postgrey=
 if [ -x /usr/sbin/postgrey ]; then
 # FIXME: Use this somehow, and only warn below
@@ -42,19 +46,35 @@ else
 fi
 sasldir="$confdir/sasl"
+catallfilesfromotherrealms() {
+ file="$1"
+ [ -d "$realmsdir" ] || exit 0
+ [ -f "$realmsdir/realms" ] || exit 0
+
+ realms="$(cat "$realmsdir/realms" | sed 's/#.*//')"
+ thisdomain="$(dnsdomainname)"
+
+ for realm in $realms; do
+ if [ "$thisdomain" != "$realm" ]; then
+ cat "$realmsdir/$realm/$file"
+ fi
+ done
+}
+
 catfirstfile() {
+ file="$1"
 configdir=''
 for dir in $configdirs; do
- if [ -d "$dir" ] && [ -f "$dir/$param" ]; then
+ if [ -d "$dir" ] && [ -f "$dir/$file" ]; then
 configdir="$dir"
 break
 fi
 done
 if [ -z "$configdir" ]; then
- echo "ERROR: Parameter file for \"$param\" not found."
+ echo "ERROR: file \"$file\" not found."
 exit 1
 fi
- cat "$configdir/$param"
+ cat "$configdir/$file"
 }
 getlinesfromfile() {
@@ -107,6 +127,7 @@ $postconf -e "`getlinesfromfile smtpd_data_restrictions`"
 # Verify senders of known and suspect domains
 # FIXME: somehow do this step only if enabled in smtpd_sender_restrictions
 cat /etc/local-COMMON/postfix/maildomains | sort | sed 's/$/ reject_unverified_sender/' > "$confdir/sender_access"
+catallfilesfromotherrealms maildomains | sort | sed 's/$/ reject_unverified_sender/' >> "$confdir/sender_access"
 postmap "$confdir/sender_access"
 $postconf -e "unverified_sender_reject_code = 550"
-- 
cgit v1.2.3
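Review bot: The two guards at the top of `catallfilesfromotherrealms` use `exit 0`, which ends the whole script with a success status whenever the function is called outside a pipeline or command substitution; `[ -d "$realmsdir" ] || return 0` (and the same for the `realms` file check) keeps the early-out local to the function. Inside the loop, `cat "$realmsdir/$realm/$file"` fails for any realm that has no such file, and because the visible caller runs the function as the first stage of a pipeline, `set -e` does not see that failure, so that realm's domains are silently left out of sender verification. A guard such as `[ -f "$realmsdir/$realm/$file" ] || { echo "WARNING: no $file for realm $realm" >&2; continue; }` would make the gap visible. `catfirstfile` now takes the name from `$1` instead of the global `$param`; its callers are outside this hunk (`getlinesfromfile` continues past it), so they should be checked to confirm they pass the name as an argument.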
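Review bot: The added line appends the other realms' domains as a second, separately sorted batch, so a domain listed both in `/etc/local-COMMON/postfix/maildomains` and in another realm's `maildomains` ends up twice in `sender_access`, which postmap reports as a duplicate entry. Building the table in one pass avoids that and keeps the file sorted as a whole: `{ cat /etc/local-COMMON/postfix/maildomains; catallfilesfromotherrealms maildomains; } | sort -u | sed 's/$/ reject_unverified_sender/' > "$confdir/sender_access"`. The pipeline's exit status is that of `sed`, so an error inside `catallfilesfromotherrealms` does not stop the script under `set -e`. If that best-effort behaviour is intended, a short comment above the line saying so would keep a later reader from assuming the list is complete.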