author | EuAndreh <eu@euandre.org> | 2023-03-17 16:02:16 -0300 |
---|---|---|
committer | EuAndreh <eu@euandre.org> | 2023-03-17 16:02:16 -0300 |
commit | f2fc4a6cc2a71d93d822de58a2fe75dcded9f1b1 (patch) | |
tree | d77b1e63f10527e5dcd36797f5567124163a6ef8 /src/org/euandre/queue.scm | |
parent | queue.scm: Put Dovecot config file under /etc/dovecot/dovecot.conf by default (diff) | |
queue.scm: Parameterize address of DKIM mail filter in Postfix
Diffstat (limited to 'src/org/euandre/queue.scm')
-rw-r--r-- | src/org/euandre/queue.scm | 38 |
1 files changed, 22 insertions, 16 deletions
diff --git a/src/org/euandre/queue.scm b/src/org/euandre/queue.scm index fcb65ab..fa48526 100644 --- a/src/org/euandre/queue.scm +++ b/src/org/euandre/queue.scm @@ -891,30 +891,37 @@ By default, the daemon runs in a container."))) (cert-file postfix-configuration-cert-file (default #f)) (key-file postfix-configuration-key-file (default #f)) (hostname postfix-configuration-hostname (default (gethostname))) + (dkim-filter-listen postfix-configuration-dkim-filter-listen (default "[127.0.0.1]:10027")) + (dkim-filter-relay postfix-configuration-dkim-filter-relay (default "127.0.0.1:10028")) (run-in-container? postfix-configuration-run-in-container? (default #f)) (container-name postfix-configuration-container-name (default "postfix")) (container-namespaces postfix-configuration-container-namespaces (default (s1:fold delq container:%namespaces '(net)))) (extra-mappings postfix-configuration-extra-mappings (default '()))) +(define (dksign-filter dkim-filter-listen) + (format #f + " + -o content_filter=dksign:~a" + dkim-filter-listen)) - -(define submission-config " +(define (submission-config dkim-filter-listen) + (format #f + " submission inet n - n - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt - -o content_filter=dksign:[127.0.0.1]:10027") - -(define dksign-filter " - -o content_filter=dksign:[127.0.0.1]:10027") + -o content_filter=dksign:~a" + dkim-filter-listen)) -; FIXME: doesn't work for sendmail -t in localhost -(define dksign-config " +(define (dksign-config dkim-filter-relay) + (format #f + " dksign unix - - n - - smtp -o syslog_name=postfix/dkimproxyout-listen -o smtp_send_xforward_command=yes -o smtp_discard_ehlo_keywords=8bitmime,starttls -127.0.0.1:10028 inet n - n - - smtpd +~a inet n - n - - smtpd -o syslog_name=postfix/dkimproxyout-relay -o content_filter= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks 
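Review bot: The new `dkim-filter-listen` and `dkim-filter-relay` fields are spliced into master.cf with `~a` and nothing checks their shape, so a value containing a space or a newline would become extra master.cf fields or whole extra service lines. The two fields also use different syntaxes (a bracketed `content_filter` next hop versus a plain `host:port` service address), and nothing in the record says so. I would add a comment on each field, for example `; content_filter next hop; keep the brackets so Postfix skips the MX lookup` and `; master.cf service address of the re-injection smtpd`. I would also reject whitespace before formatting, e.g. `(when (string-index dkim-filter-relay char-set:whitespace) (error "dkim-filter-relay must not contain whitespace" dkim-filter-relay))`, with the same check for `dkim-filter-listen`. The record definition starts outside this hunk.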
@@ -924,13 +931,12 @@ dksign unix - - n - - smtp -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o smtpd_authorized_xforward_hosts=127.0.0.0/8 -") +" + dkim-filter-relay)) -; FIXME: hardcoded value of dkimproxy listen and relay -; FIXME: replace 127.0.0.1 with localhost (define (generate-master.cf config) (match-record config <postfix-configuration> - (enable-submission? master.cf-extra) + (enable-submission? master.cf-extra dkim-filter-listen dkim-filter-relay) (format #f "# ============================================================================================================ # service type private unpriv chroot wakeup maxproc command + args @@ -963,9 +969,9 @@ verify unix - - n - 1 verify virtual unix - n n - - virtual postlog unix-dgram n - n - 1 postlogd ~a~a~a" - (if enable-submission? dksign-filter "") - (if enable-submission? submission-config "") - (if enable-submission? dksign-config "") + (if enable-submission? (dksign-filter dkim-filter-listen) "") + (if enable-submission? (submission-config dkim-filter-listen) "") + (if enable-submission? (dksign-config dkim-filter-relay) "") master.cf-extra))) (define (cert-for prefix config) |
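Review bot: The re-injection listener keeps `-o mynetworks=127.0.0.0/8` and `-o smtpd_authorized_xforward_hosts=127.0.0.0/8` hard-coded in the context lines of the `-924,13` hunk, while its listen address now comes from `dkim-filter-relay`. The visible options run that service with `content_filter=` empty and with recipient and header/body checks disabled, so it is only meant to be reached from loopback. A non-loopback value would put the listener on a reachable interface with `permit_mynetworks,reject` as its only guard, and, judging from these options, it would also refuse the signing proxy unless the proxy still connects from 127.0.0.0/8. I would either document the constraint next to the field, `; must be a loopback address: the relay smtpd trusts 127.0.0.0/8 only`, or derive both options from a companion field. The removed `FIXME: replace 127.0.0.1 with localhost` is dropped although the defaults still use 127.0.0.1, so it may be worth keeping if that change is still intended.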