From 7f7086e0679639396dd1660d57602a03e51dc680 Mon Sep 17 00:00:00 2001 From: Jonas Smedegaard Date: Sun, 25 May 2008 16:15:01 +0000 Subject: Add support for DKIMproxy. --- postfix/postfix.sh | 24 ++++++++++++++++++++++-- postfix/smtpd_sender_restrictions | 3 ++- 2 files changed, 24 insertions(+), 3 deletions(-) (limited to 'postfix') diff --git a/postfix/postfix.sh b/postfix/postfix.sh index 88e52ed..05dc277 100755 --- a/postfix/postfix.sh +++ b/postfix/postfix.sh @@ -3,7 +3,7 @@ # /etc/local-COMMON/postfix/postfix.sh # Copyright 2002-2007 Jonas Smedegaard # -# $Id: postfix.sh,v 1.68 2008-02-28 19:45:45 jonas Exp $ +# $Id: postfix.sh,v 1.69 2008-05-25 16:15:01 jonas Exp $ # # Auto-tweak plain installed postfix Debian package # @@ -58,6 +58,13 @@ else echo >&2 "WARNING: Encryption requires SSL certificate at /etc/ssl/certs/postfix.pem." fi +dkimproxy= +if [ -x /usr/bin/dkimsign ]; then + dkimproxy=1 +else + echo >&2 "WARNING: Avoiding DKIMproxy setup: not installed or fully configured." +fi + catfilefromownrealm() { file="$1" [ -d "$realmsdir" ] || exit 0 @@ -149,6 +156,15 @@ $postconf -c "$tempdir" -e "`getlinesfromfile smtpd_sender_restrictions reject_r $postconf -c "$tempdir" -e "`getlinesfromfile smtpd_recipient_restrictions reject_maps_rbl=reject_rbl_client=maps_rbl_domains`" $postconf -c "$tempdir" -e "`getlinesfromfile smtpd_data_restrictions`" +if [ -n "$dkimproxy" ]; then + [ -f "$tempdir/sender_access_regex" ] \ + && grep -q -F '/^/ FILTER dkimsign:[127.0.0.1]:10026' "$tempdir/sender_access_regex" \ + || echo '/^/ FILTER dkimsign:[127.0.0.1]:10026' >> "$tempdir/sender_access_regex" +else + [ -f "$tempdir/sender_access_regex" ] \ + || echo "touch \"$confdir/sender_access_regex\"" >> "$tempdir/COMMANDS" +fi + # Support exceptions to default response # (Day Old Bread (dob) lists need to reject only temporarily) $postconf -c "$tempdir" -e "rbl_reply_maps = hash:$confdir/rbl_reply_map" @@ -269,7 +285,11 @@ EOF -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 EOF - $postconf -c "$tempdir" -e 'content_filter = smtp-amavis:[127.0.0.1]:10024' + if [ -n "$dkimproxy" ]; then + $postconf -c "$tempdir" -e 'content_filter = smtp-amavis:[127.0.0.1]:10028' + else + $postconf -c "$tempdir" -e 'content_filter = smtp-amavis:[127.0.0.1]:10024' + fi fi diff -ruN "$confdir" "$tempdir" || if [ $? -gt 1 ]; then exit $?; fi diff --git a/postfix/smtpd_sender_restrictions b/postfix/smtpd_sender_restrictions index 6a2aeba..6e27aa6 100644 --- a/postfix/smtpd_sender_restrictions +++ b/postfix/smtpd_sender_restrictions @@ -3,7 +3,7 @@ # # Used by tweak script postfix.sh # -# $Id: smtpd_sender_restrictions,v 1.5 2007-07-13 11:23:57 jonas Exp $ +# $Id: smtpd_sender_restrictions,v 1.6 2008-05-25 16:15:01 jonas Exp $ # permit_mynetworks # (needed to allow some Debian daemons send to localhost) @@ -11,4 +11,5 @@ reject_non_fqdn_sender reject_unknown_sender_domain check_sender_access^hash:/etc/postfix/sender_access # FIXME: somehow only enable this if the file actually exist reject_rhsbl_sender # Activate Realtime Hostbased Sender Blackhole Lists (with Postfix 2.x, expanded to content of file of same name) +check_sender_access^regexp:/etc/postfix/sender_access_regex # DKIMproxy filter permit -- cgit v1.2.3