From 28a97c92d72f7beb3704cbb878145d97e56ef162 Mon Sep 17 00:00:00 2001 From: Daniel Graziotin Date: Mon, 15 Feb 2021 16:52:10 +0100 Subject: [PATCH 1/8] Strips sender's IP, client, and user agent headers --- Dockerfile | 3 ++- README.md | 5 +++++ entrypoint.sh | 7 +++++++ install/sender_header_filter.pcre | 5 +++++ 4 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 install/sender_header_filter.pcre diff --git a/Dockerfile b/Dockerfile index d01193c..a89e9af 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,6 +21,7 @@ RUN apk add --update --no-cache \ openssl \ postsrsd \ postfix \ + postfix-pcre \ syslog-ng \ tzdata \ \ @@ -41,7 +42,7 @@ COPY install/main.dist.cf /etc/postfix/main.cf COPY install/master.dist.cf /etc/postfix/master.cf COPY install/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf COPY install/opendkim.conf /etc/opendkim/opendkim.conf - +COPY install/sender_header_filter.pcre /etc/postfix/sender_header_filter.pcre RUN cat /dev/null > /etc/postfix/aliases && newaliases \ && echo simple-mail-forwarder.com > /etc/hostname \ && mkdir -p /run/opendkim && chown opendkim:opendkim /run/opendkim \ diff --git a/README.md b/README.md index cff0580..8401284 100644 --- a/README.md +++ b/README.md @@ -241,6 +241,11 @@ It is highly advised to mount `/var/db/dkim/` folder to host, so generated keypa docker run -e SMF_CONFIG="$SMF_CONFIG" -p 25:25 -v $(pwd)/dkim:/var/db/dkim/ zixia/simple-mail-forwarder ``` +Stripping sender details +------------------------ + +SMF will strip the sender's IP, client, and user agent headers when the `SMF_SENDERPRIVACY` environment variable is defined. + Helper Scripts -------------------- diff --git a/entrypoint.sh b/entrypoint.sh index 17cd512..8523947 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -19,6 +19,7 @@ Environment Variables: SMF_CONFIG - mail forward addresses mapping list. SMF_MYNETWORKS - configure relaying from trusted IPs, see http://www.postfix.org/postconf.5.html#mynetworks SMF_RELAYHOST - configure a relayhost + SMF_SENDERPRIVACY - strips sender's IP, client, and user agent. this creates a new smtp server which listens on port 25, forward all email from @@ -188,6 +189,12 @@ function start_postfix { postconf -e smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt fi + if [ "$SMF_SENDERPRIVACY" != "" ] + then + echo "Stripping sender's IP, client, and user agent." + postconf -e smtp_header_checks=pcre:/etc/postfix/sender_header_filter.pcre + fi + postfix start # migrating older single-domain DKIM (/var/db/dkim/default.*) to /var/db/dkim/$HOSTNAME/default.* diff --git a/install/sender_header_filter.pcre b/install/sender_header_filter.pcre new file mode 100644 index 0000000..306c90d --- /dev/null +++ b/install/sender_header_filter.pcre @@ -0,0 +1,5 @@ +/^(Received: from)[^\n]*(.*)/ REPLACE $1 127.0.0.1 (localhost [127.0.0.1])$2 +/^User-Agent/ IGNORE +/^X-Originating-IP/ IGNORE +/^X-Mailer:/ IGNORE +/^Mime-Version:/ IGNORE \ No newline at end of file From 1a3e5e5faa7e38b2a015309701ca68edb43e9fa8 Mon Sep 17 00:00:00 2001 From: Daniel Graziotin Date: Tue, 16 Feb 2021 10:05:58 +0100 Subject: [PATCH 2/8] Bumping patch verison number --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 88c5fb8..347f583 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.4.0 +1.4.1 From 4f9821d7c21ea582ad16d60911e3dad11200a471 Mon Sep 17 00:00:00 2001 From: Daniel Graziotin Date: Mon, 22 Feb 2021 11:14:51 +0100 Subject: [PATCH 3/8] SMF_POSTFIXMAIN_* to set custom postfix main.cf entries --- entrypoint.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/entrypoint.sh b/entrypoint.sh index 8523947..0602140 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -20,6 +20,7 @@ Environment Variables: SMF_MYNETWORKS - configure relaying from trusted IPs, see http://www.postfix.org/postconf.5.html#mynetworks SMF_RELAYHOST - configure a relayhost SMF_SENDERPRIVACY - strips sender's IP, client, and user agent. + SMF_POSTFIXMAIN_* - configure any postfix variable this creates a new smtp server which listens on port 25, forward all email from @@ -257,6 +258,15 @@ function start_postfix { echo "InternalHosts /etc/opendkim/TrustedHosts" >> /etc/opendkim/opendkim.conf fi + echo "Postfix main.cf custom entries from SMF_POSTFIXMAIN_" + # Allow for setting any Postfix variables in the config file through environment variables. + for e in ${!SMF_POSTFIXMAIN_*} ; do + OPT_NAME=$(echo ${e:16} | tr '[:upper:]' '[:lower:]') + OPT_VALUE=${!e} + echo "postconf -e "${OPT_NAME}=${OPT_VALUE}"" + postconf -e "${OPT_NAME}=${OPT_VALUE}" + done + } # From a3c8b9bd3b97490da70c14e6c159b3433dbfaaa6 Mon Sep 17 00:00:00 2001 From: Daniel Graziotin Date: Mon, 22 Feb 2021 11:23:46 +0100 Subject: [PATCH 4/8] SMF_POSTFIXMASTER_* to set custom postfix master.cf entries --- entrypoint.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 0602140..53c7a10 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -20,7 +20,8 @@ Environment Variables: SMF_MYNETWORKS - configure relaying from trusted IPs, see http://www.postfix.org/postconf.5.html#mynetworks SMF_RELAYHOST - configure a relayhost SMF_SENDERPRIVACY - strips sender's IP, client, and user agent. - SMF_POSTFIXMAIN_* - configure any postfix variable + SMF_POSTFIXMAIN_* - configure any postfix main.cf variable + SMF_POSTFIXMASTER_* - configure any postfix master.cf variable this creates a new smtp server which listens on port 25, forward all email from @@ -266,7 +267,14 @@ function start_postfix { echo "postconf -e "${OPT_NAME}=${OPT_VALUE}"" postconf -e "${OPT_NAME}=${OPT_VALUE}" done - + echo "Postfix master.cf custom entries from SMF_POSTFIXMASTER_" + # Allow for setting any Postfix variables in the config file through environment variables. + for e in ${!SMF_POSTFIXMASTER_*} ; do + OPT_NAME=$(echo ${e:18} | tr '[:upper:]' '[:lower:]' | tr '_' '/') + OPT_VALUE=${!e} + echo "postconf -P "${OPT_NAME}=${OPT_VALUE}"" + postconf -P "${OPT_NAME}=${OPT_VALUE}" + done } # From a6af9e01ed971e7feb89a8d66c4bce80b6e4c4d7 Mon Sep 17 00:00:00 2001 From: Daniel Graziotin Date: Mon, 22 Feb 2021 11:53:32 +0100 Subject: [PATCH 5/8] Using sed to handle master.cf custom variables --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 53c7a10..98767ff 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -270,7 +270,7 @@ function start_postfix { echo "Postfix master.cf custom entries from SMF_POSTFIXMASTER_" # Allow for setting any Postfix variables in the config file through environment variables. for e in ${!SMF_POSTFIXMASTER_*} ; do - OPT_NAME=$(echo ${e:18} | tr '[:upper:]' '[:lower:]' | tr '_' '/') + OPT_NAME=$(echo ${e:18} | tr '[:upper:]' '[:lower:]' | sed 's/__/\//g') OPT_VALUE=${!e} echo "postconf -P "${OPT_NAME}=${OPT_VALUE}"" postconf -P "${OPT_NAME}=${OPT_VALUE}" From a3e53779d67431cb0df07ef976433b3344bd4586 Mon Sep 17 00:00:00 2001 From: Daniel Graziotin Date: Mon, 22 Feb 2021 11:53:48 +0100 Subject: [PATCH 6/8] README.md explains env variables for custom main.cf and master.cf --- README.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/README.md b/README.md index 8401284..57aacd2 100644 --- a/README.md +++ b/README.md @@ -246,6 +246,22 @@ Stripping sender details SMF will strip the sender's IP, client, and user agent headers when the `SMF_SENDERPRIVACY` environment variable is defined. + +Custom postfix configuration +---------------------------- + +SMF allows to use environment variables to add or change lines to postfix `main.cf` and `master.cf` configuration files. + +- `SMF_POSTFIXMAIN_*` variables will edit postfix `main.cf` entries. + - Format: `SMF_POSTFIXMAIN_option_name=value` + - Example: `SMF_POSTFIXMAIN_soft_bounce=yes` will call `postconf -e soft_bounce=yes` and add the option. + +- `SMF_POSTFIXMASTER_*` variables will edit postfix `master.cf`. + - Format: `SMF_POSTFIXMASTER_service__name__type__parameter_name=value` Please note the double underscore `__` to differentiate service and type (which require a `/` as separation symbol) and the single underscore `_` used only by parameter names. + - Example: `SMF_POSTFIXMASTER_submission__inet__smtpd__recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject` will call `postconf -P submission/inet/smtpd/recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject` and add the option. + + + Helper Scripts -------------------- From cb0a87d0a358492545f55c7a11963f8cfbccad56 Mon Sep 17 00:00:00 2001 From: Daniel Graziotin Date: Mon, 22 Feb 2021 14:04:34 +0100 Subject: [PATCH 7/8] Tests for custom main.cf and master.cf --- entrypoint.sh | 5 ++--- test/simple-mail-forwarder.bats | 18 ++++++++++++++++++ 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 98767ff..62e58f8 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -260,7 +260,7 @@ function start_postfix { fi echo "Postfix main.cf custom entries from SMF_POSTFIXMAIN_" - # Allow for setting any Postfix variables in the config file through environment variables. + # Allow for setting any Postfix variables in the main.cf file through environment variables. for e in ${!SMF_POSTFIXMAIN_*} ; do OPT_NAME=$(echo ${e:16} | tr '[:upper:]' '[:lower:]') OPT_VALUE=${!e} @@ -268,11 +268,10 @@ function start_postfix { postconf -e "${OPT_NAME}=${OPT_VALUE}" done echo "Postfix master.cf custom entries from SMF_POSTFIXMASTER_" - # Allow for setting any Postfix variables in the config file through environment variables. + # Allow for setting any Postfix variables in the master.cf file through environment variables. for e in ${!SMF_POSTFIXMASTER_*} ; do OPT_NAME=$(echo ${e:18} | tr '[:upper:]' '[:lower:]' | sed 's/__/\//g') OPT_VALUE=${!e} - echo "postconf -P "${OPT_NAME}=${OPT_VALUE}"" postconf -P "${OPT_NAME}=${OPT_VALUE}" done } diff --git a/test/simple-mail-forwarder.bats b/test/simple-mail-forwarder.bats index 015658b..843bd15 100644 --- a/test/simple-mail-forwarder.bats +++ b/test/simple-mail-forwarder.bats @@ -183,3 +183,21 @@ done [ $? -eq 0 ] } + +@test "test custom main.cf entries" { + for e in ${!SMF_POSTFIXMAIN_*} ; do + OPT_NAME=$(echo ${e:16} | tr '[:upper:]' '[:lower:]') + OPT_VALUE=${!e} + ret=$(postconf | grep "$OPT_NAME" | grep "$OPT_VALUE") + [[ ! -z "$ret" ]] + done +} + +@test "test custom master.cf entries" { + for e in ${!SMF_POSTFIXMASTER_*} ; do + OPT_NAME=$(echo ${e:18} | tr '[:upper:]' '[:lower:]' | sed 's/__/\//g') + OPT_VALUE=${!e} + ret=$(postconf -P | grep "$OPT_NAME" | grep "$OPT_VALUE") + [[ ! -z "$ret" ]] + done +} From 390480e5ecf8c2a3ae7b88c81408b8eb1887bf35 Mon Sep 17 00:00:00 2001 From: Daniel Graziotin Date: Mon, 22 Feb 2021 14:23:48 +0100 Subject: [PATCH 8/8] Fixes #92 --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 347f583..9df886c 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.4.1 +1.4.2