Hello community,
here is the log from the commit of package opensuse-postfix-image for
openSUSE:Factory checked in at 2020-11-11 20:46:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/opensuse-postfix-image (Old)
and /work/SRC/openSUSE:Factory/.opensuse-postfix-image.new.26437 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "opensuse-postfix-image"
Wed Nov 11 20:46:56 2020 rev:3 rq:847699 version:1.0.0
Changes:
--------
---
/work/SRC/openSUSE:Factory/opensuse-postfix-image/opensuse-postfix-image.changes
2020-07-20 21:05:24.145338144 +0200
+++
/work/SRC/openSUSE:Factory/.opensuse-postfix-image.new.26437/opensuse-postfix-image.changes
2020-11-11 20:47:00.283681513 +0100
@@ -1,0 +2,25 @@
+Wed Nov 4 14:53:10 UTC 2020 - Thorsten Kukuk <[email protected]>
+
+- Only use username in vmail path
+
+-------------------------------------------------------------------
+Wed Nov 4 10:36:08 UTC 2020 - Thorsten Kukuk <[email protected]>
+
+- Unify and fix ldap bind_dn/bind_pw handling
+
+-------------------------------------------------------------------
+Tue Oct 27 13:16:38 UTC 2020 - Thorsten Kukuk <[email protected]>
+
+- Add support for /etc/pki
+
+-------------------------------------------------------------------
+Thu Aug 27 15:03:12 UTC 2020 - Thorsten Kukuk <[email protected]>
+
+- Add postfix-ldap to package list
+
+-------------------------------------------------------------------
+Sat Aug 22 05:33:42 UTC 2020 - Thorsten Kukuk <[email protected]>
+
+- Add LDAP support
+
+-------------------------------------------------------------------
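Review bot: the changelog omits two user-visible changes that are part of this request: `DEBUG` now expects `1` instead of `yes` (entrypoint.sh and README), and syslogd is now started from `/usr/sbin/syslogd` rather than `/sbin/syslogd`. Add an entry for each so operators reading the .changes file learn that an existing `DEBUG=yes` setting stops working.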
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ opensuse-postfix-image.kiwi ++++++
--- /var/tmp/diff_new_pack.SW5XYh/_old 2020-11-11 20:47:01.283682452 +0100
+++ /var/tmp/diff_new_pack.SW5XYh/_new 2020-11-11 20:47:01.287682456 +0100
@@ -27,6 +27,8 @@
</expose>
<volumes>
<volume name="/var/spool/postfix"/>
+ <volume name="/var/spool/vmail"/>
+ <volume name="/etc/pki"/>
</volumes>
<labels>
<suse_label_helper:add_prefix prefix="org.opensuse.postfix">
@@ -51,13 +53,13 @@
<packages type="bootstrap">
<package name="bash"/>
<package name="postfix"/>
+ <package name="postfix-ldap"/>
<package name="mandoc"/>
<package name="netcfg"/>
<package name="cyrus-sasl"/>
<package name="cyrus-sasl-plain"/>
<package name="ca-certificates"/>
<package name="ca-certificates-mozilla"/>
- <package name="-busybox-adduser"/>
<package name="-busybox-findutils"/>
<package name="-busybox-man"/>
<package name="-busybox-sendmail"/>
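Review bot: dropping the `-busybox-adduser` exclusion allows busybox's adduser to be pulled into the image, which makes the `[ -x /usr/sbin/adduser ]` branch in entrypoint.sh the one actually taken; this changes which tool creates the vmail user and deserves a changelog line.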
++++++ README.md ++++++
--- /var/tmp/diff_new_pack.SW5XYh/_old 2020-11-11 20:47:01.467682625 +0100
+++ /var/tmp/diff_new_pack.SW5XYh/_new 2020-11-11 20:47:01.471682628 +0100
@@ -9,7 +9,7 @@
In all examples, `podman` can be replaced directly with `docker`.
## Supported environment variables:
-- `DEBUG=yes|no` Enables "set -x" in the entrypoint script.
+- `DEBUG=[0|1]` Enables "set -x" in the entrypoint script.
- `TZ` Timezone to use in the container.
- `SERVER_HOSTNAME` Server hostname. Emails will appear to come from the
hostname's domain.
- `SERVER_DOMAIN` If not set, the domain part of `SERVER_HOSTNAME` will
be used.
@@ -21,15 +21,22 @@
- `INET_PROTOCOLS` The network interface protocols used for connections.
Valid values are "all", "ipv4", "ipv6" or "ipv4,ipv6". The default value is
"ipv4".
- `MASQUERADE_DOMAINS` Comma separated list of domains that must have their
subdomain structure stripped off.
- `MYDESTINATION` List of domains for which mails are delivered locally
instead of forwarding to another machine.
-- `VIRTUAL_MBOX=1` Create virtual mail boxes in /var/spool/vmail owned by
user vmail.
+- `VIRTUAL_MBOX=[0|1]` Create virtual mail boxes in /var/spool/vmail owned by
user vmail.
- `VMAIL_UID=5000` User ID and group ID of the vmail user for virtual
domains and mailboxes.
- `VIRTUAL_DOMAINS=` Whitespace seperated list of virtual domains, will be
written to `/etc/postfix/vhosts`.
- `VIRTUAL_USERS=` Whitespace seperated list of virtual users email
addresses.
-
+- `USE_LDAP=[0|1]` Use LDAP for virtual mail box user accounts.
+- `LDAP_BASE_DN` LDAP base DN, defaults to `dc=example,dc=org`.
+- `LDAP_SERVER_URL` LDAP Server URL, defaults to `ldap://localhost`.
+- `LDAP_BIND_DN` DN to bind, defaults to
`cn=mailAccountReader,ou=Manager,dc=example,dc=org`
+- `LDAP_BIND_PASSWORD` The password for the distinguished name to bind
(`LDAP_BIND_DN`)
+- `LDAP_USE_TLS=[1|0]` Use TLS for LDAP queries, by default enabled.
+- `LDAP_TLS_CA_CRT` LDAP SSL CA certificate.
## Data persistence volumes
- `/var/spool/postfix` Postfix mail queues. A data volume should be used in
order to save the queue content if the container restarts.
- `/var/spool/vmail` Virtual user mboxes. This directory contains the mails
stored in Maildir format of the virtual users of the virtual domains.
Everything is owned by the `vmail` user.
+- `/etc/pki` PKI directories for CA certificates
## Virtual domains and virtual users
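Review bot: `LDAP_BIND_PASSWORD` is resolved through `file_env` in entrypoint.sh, so if `file_env` supports a file-based source (the usual `*_FILE` convention) document it here; a secret passed as a plain environment variable is visible in `podman inspect` and in the process environment. Also state that the effective search base is `ou=mail,` under `LDAP_BASE_DN` (hard-coded in the map templates), that `LDAP_TLS_CA_CRT` is a path inside the container (it becomes `tls_ca_cert_file` in the maps), and that `LDAP_USE_TLS` applies to `ldap://` URLs only. Minor: `[1|0]` versus `[0|1]` ordering, and the `seperated` typo in the untouched lines above.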
++++++ _service ++++++
--- /var/tmp/diff_new_pack.SW5XYh/_old 2020-11-11 20:47:01.547682700 +0100
+++ /var/tmp/diff_new_pack.SW5XYh/_new 2020-11-11 20:47:01.551682704 +0100
@@ -13,6 +13,7 @@
<param name="subdir">postfix</param>
<param name="filename">entrypoint</param>
<param name="include">entrypoint.sh</param>
+ <param name="include">ldap</param>
</service>
<service name="recompress" mode="disabled">
<param name="file">*.tar</param>
++++++ entrypoint.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/entrypoint/entrypoint.sh new/entrypoint/entrypoint.sh
--- old/entrypoint/entrypoint.sh 2020-07-20 10:35:06.000000000 +0200
+++ new/entrypoint/entrypoint.sh 2020-11-04 15:53:50.000000000 +0100
@@ -1,6 +1,9 @@
#!/bin/bash
-[ "${DEBUG}" = "yes" ] && set -x
+[ "${DEBUG}" = "1" ] && set -x
+
+VIRTUAL_MBOX=${VIRTUAL_MBOX:-"0"}
+USE_LDAP=${USE_LDAP:-"0"}
export PATH=/usr/sbin:/sbin:${PATH}
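Review bot: `[ "${DEBUG}" = "1" ]` silently disables debugging for existing deployments that set `DEBUG=yes`; accepting both (`case "${DEBUG}" in 1|yes) set -x ;; esac`) keeps backwards compatibility. Note also that with `set -x` active, the later `sed` substitution of `@LDAP_BIND_PASSWORD@` prints the expanded command line, bind password included, to the container log, so debug output must be treated as sensitive.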
@@ -17,11 +20,16 @@
}
set_config_value() {
+ local failed
key=${1}
value=${2}
echo "Setting configuration option \"${key}\" with value \"${value}\""
- postconf -e "${key} = ${value}"
+ postconf -e "${key} = ${value}" || failed=1
+ if [ "$failed" ]; then
+ echo "ERROR: postconf -e ${key} ${value} failed!"
+ exit 1
+ fi
}
# usage: file_env VAR [DEFAULT]
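Review bot: the `failed` flag adds a variable for no gain; `if ! postconf -e "${key} = ${value}"; then echo "ERROR: ..."; exit 1; fi` expresses the same check directly. `key` and `value` should also be declared `local`, since they currently leak into the caller's scope. The same simplification applies to update_db and setup_aliases.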
@@ -47,18 +55,25 @@
}
update_db() {
+ local failed
+
while test "x$1" != "x" ; do
pfmap=/etc/postfix/${1}
test -e "${pfmap}" && \
if test "${pfmap}" -nt "${pfmap}.db" -o ! -e "${pfmap}.db" ; then
echo "rebuilding ${pfmap}.db"
- postmap "${pfmap}"
+ postmap "${pfmap}" || failed=1
+ if [ "$failed" ]; then
+ echo "ERROR: postmap ${pfmap} failed!"
+ exit 1
+ fi
fi
shift
done
}
setup_aliases() {
+ local failed
get_alias_maps() {
test -d /etc/aliases.d && test "$(echo /etc/aliases.d/*)" !=
"/etc/aliases.d/*" && \
@@ -77,7 +92,11 @@
for i in $(get_alias_maps); do
ALLMAPS="${ALLMAPS}, hash:$i"
echo "Building $i.db"
- postalias "${i}"
+ postalias "${i}" || failed=1
+ if [ "${failed}" ]; then
+ echo "ERROR: postalias ${i} failed!"
+ exit 1
+ fi
done
set_config_value "alias_maps" "${ALLMAPS}"
}
@@ -138,36 +157,71 @@
# Create the vmail user with the requested UID, else 5000
VMAIL_UID="${VMAIL_UID:-5000}"
if [ -x /usr/sbin/adduser ]; then
- adduser -D -h /var/spool/vmail -g "Virtual Mail User" -u ${VMAIL_UID}
-s /sbin/nologin vmail
- if [ $? -ne 0 ]; then
- echo "ERROR: creating of vmail user failed! Aborting."
- exit 1
- fi
+ adduser -D -h /var/spool/vmail -g "Virtual Mail User" -u "${VMAIL_UID}"
-s /sbin/nologin vmail
else
- useradd -d /var/spool/vmail -U -c "Virtual Mail User" -u ${VMAIL_UID}
vmail
- if [ $? -ne 0 ]; then
- echo "ERROR: creating of vmail user failed! Aborting."
+ useradd -d /var/spool/vmail -U -c "Virtual Mail User" -u
"${VMAIL_UID}" vmail
+ fi
+ if [ $? -ne 0 ]; then
+ echo "ERROR: creating of vmail user failed! Aborting."
+ exit 1
+ fi
+
+ if [ ! -d /var/spool/vmail ]; then
+ mkdir -p /var/spool/vmail
+ chown vmail:vmail /var/spool/vmail
+ chmod 775 /var/spool/vmail
+ fi
+
+ if [ "${USE_LDAP}" -eq "1" ]; then
+ LDAP_BASE_DN=${LDAP_BASE_DN:-"dc=example,dc=org"}
+ LDAP_SERVER_URL=${LDAP_SERVER_URL:-"ldap://localhost"}
+ LDAP_USE_TLS=${LDAP_USE_TLS:-"1"}
+
LDAP_BIND_DN=${LDAP_BIND_DN:-"cn=mailAccountReader,ou=Manager,${LDAP_BASE_DN}"}
+ file_env LDAP_BIND_PASSWORD
+ if [ -z "${LDAP_BIND_PASSWORD}" ]; then
+ echo "LDAP_BIND_PASSWORD is not set"
exit 1
fi
- if [ ! -d /var/spool/vmail ]; then
- mkdir -p /var/spool/vmail
- chown vmail:vmail /var/spool/vmail
- chmod 775 /var/spool/vmail
+
+ # Adjust LDAP variables
+ mkdir -p /etc/postfix/ldap
+ for map in smtpd_sender_login_maps virtual_alias_domains
virtual_alias_maps virtual_gid_maps virtual_mailbox_maps virtual_uid_maps ; do
+ sed -e "s|@LDAP_BASE_DN@|${LDAP_BASE_DN}|g" \
+ -e "s|@LDAP_SERVER_URL@|${LDAP_SERVER_URL}|g" \
+ -e "s|@LDAP_BIND_DN@|${LDAP_BIND_DN}|g" \
+ -e "s|@LDAP_BIND_PASSWORD@|${LDAP_BIND_PASSWORD}|g" \
+ "/entrypoint/ldap/${map}" > "/etc/postfix/ldap/${map}"
+ if [ "${LDAP_USE_TLS}" = "1" ]; then
+ sed -i -e 's|^start_tls.*|start_tls = yes|g'
"/etc/postfix/ldap/${map}"
+ else
+ sed -i -e 's|^start_tls.*|start_tls = no|g'
"/etc/postfix/ldap/${map}"
+ fi
+ if [ -n "${LDAP_TLS_CA_CRT}" ]; then
+ sed -i -e "s|^#tls_ca_cert_file =.*|tls_ca_cert_file =
${LDAP_TLS_CA_CRT}|g" "/etc/postfix/ldap/${map}"
+ fi
+ done
+
+ set_config_value "virtual_alias_domains"
"ldap:/etc/postfix/ldap/virtual_alias_domains"
+ set_config_value "virtual_alias_maps"
"ldap:/etc/postfix/ldap/virtual_alias_maps"
+ set_config_value "virtual_mailbox_maps"
"ldap:/etc/postfix/ldap/virtual_mailbox_maps"
+ set_config_value "smtpd_sender_login_maps"
"ldap:/etc/postfix/ldap/smtpd_sender_login_maps"
+ else
+ set_config_value "virtual_mailbox_maps" "hash:/etc/postfix/vmaps"
+ set_config_value "virtual_mailbox_limit_maps" "hash:/etc/postfix/vquota"
+
+ # Only create vmaps if not provided by admin
+ if [ ! -f /etc/postfix/vmaps ]; then
+ for mail in ${VIRTUAL_USERS} ; do
+ user=${mail%@*}
+ domain=${mail#*@}
+ echo "${mail} ${domain}/${user}/" >> /etc/postfix/vmaps
+ echo "${mail} 0" >> /etc/postfix/vquota
+ done
fi
+ update_db vquota
fi
set_config_value "virtual_mailbox_domains" "/etc/postfix/vhosts"
- set_config_value "virtual_mailbox_base" "/var/spool/vmail"
- set_config_value "virtual_mailbox_maps" "hash:/etc/postfix/vmaps"
- set_config_value "virtual_minimum_uid" "1000"
- set_config_value "virtual_uid_maps" "static:${VMAIL_UID}"
- set_config_value "virtual_gid_maps" "static:${VMAIL_UID}"
- set_config_value "home_mailbox" "Maildir/"
- # XXX make this configureable and adjust message_size_limit
- set_config_value "virtual_mailbox_limit" "0"
- set_config_value "mailbox_size_limit" "0" # "51200000"
- set_config_value "message_size_limit" "0" # "10240000"
- set_config_value "virtual_mailbox_limit_maps" "hash:/etc/postfix/vquota"
# Only create vhosts if not provided by admin
if [ ! -f /etc/postfix/vhosts ]; then
if [ -n "${VIRTUAL_DOMAINS}" ]; then
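Review bot: `[ "${USE_LDAP}" -eq "1" ]` is an integer test, so any non-numeric value such as `USE_LDAP=yes` makes `[` print an error and evaluate false, and the container silently falls back to hash maps instead of failing; use the same string test as the other flags (`[ "${USE_LDAP}" = "1" ]`) and abort on anything other than 0 or 1. Further points in this hunk: (1) the `virtual_uid_maps` and `virtual_gid_maps` files generated in the loop are never referenced, because both parameters are still set to `static:${VMAIL_UID}` later in the function; either wire them in or drop them from the loop. (2) The bind password is spliced into the map files with `sed`, so a password containing `|`, `&`, `\` or a newline breaks or alters the expression, and the files are created by redirection under the default umask, which can leave `bind_pw` world-readable inside the container; set `umask 077` before writing `/etc/postfix/ldap/*` and then restrict them to what Postfix needs (e.g. `root:postfix` 0640). (3) `start_tls = yes` is written whenever `LDAP_USE_TLS=1`, which is wrong for an `ldaps://` `LDAP_SERVER_URL`; check the scheme, or document that the flag is for `ldap://` only.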
@@ -175,21 +229,20 @@
echo "$d" >> /etc/postfix/vhosts
done
else
- echo "${SERVER_DOMAIN}" > /etc/postfix/vhosts
+ echo "${SERVER_DOMAIN}" > /etc/postfix/vhosts
fi
fi
-
- # Only create vmaps if not provided by admin
- if [ ! -f /etc/postfix/vmaps ]; then
- for mail in ${VIRTUAL_USERS} ; do
- user=${mail%@*}
- domain=${mail#*@}
- echo "${mail} ${domain}/${user}/" >> /etc/postfix/vmaps
- echo "${mail} 0" >> /etc/postfix/vquota
- done
- fi
update_db vmaps
- update_db vquota
+
+ set_config_value "virtual_mailbox_base" "/var/spool/vmail"
+ set_config_value "virtual_minimum_uid" "1000"
+ set_config_value "virtual_uid_maps" "static:${VMAIL_UID}"
+ set_config_value "virtual_gid_maps" "static:${VMAIL_UID}"
+ set_config_value "home_mailbox" "Maildir/"
+ # XXX make this configureable and adjust message_size_limit
+ set_config_value "virtual_mailbox_limit" "0"
+ set_config_value "mailbox_size_limit" "0" # "51200000"
+ set_config_value "message_size_limit" "0" # "10240000"
}
configure_postfix() {
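Review bot: `update_db vmaps` now also runs in LDAP mode while `update_db vquota` moved into the else branch; it is harmless only because update_db skips a missing map, so moving it next to `update_db vquota` would make the intent explicit. The `echo "${SERVER_DOMAIN}" > /etc/postfix/vhosts` change is whitespace-only and could be left out of this request.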
@@ -257,13 +310,13 @@
) > /dev/null 2>&1 &
postfix stop
- terminate /sbin/syslogd
+ terminate /usr/sbin/syslogd
}
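Review bot: the hard-coded `/usr/sbin/syslogd` path (here and in start_postfix below) ties the script to the current usrmerge layout of the base image; resolving it once with `command -v syslogd` into a variable would survive the next relocation and keep the two call sites in sync.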
start_postfix() {
# Don't start syslogd in background while starting it in the background...
# Logging to stdout does not work else.
- /sbin/syslogd -n -S -O - &
+ /usr/sbin/syslogd -n -S -O - &
"$@"
}
@@ -278,6 +331,8 @@
init_trap
setup_timezone
+# Update certificates if /etc/pki is mounted from the host
+update-ca-certificates
# configure postfix even if postfix will not be started, to
# allow to see the result with postconf for debugging/testing.
configure_postfix
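Review bot: `update-ca-certificates` is run unconditionally and its exit status is ignored, unlike every other step this request made fatal; if it fails (tool missing, store not writable), the error only surfaces later as an LDAP TLS verification failure under `tls_require_cert = yes`. Check its exit status here, and reword the comment: the script does not test whether `/etc/pki` is mounted, it always runs the update.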
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/entrypoint/ldap/smtpd_sender_login_maps
new/entrypoint/ldap/smtpd_sender_login_maps
--- old/entrypoint/ldap/smtpd_sender_login_maps 1970-01-01 01:00:00.000000000
+0100
+++ new/entrypoint/ldap/smtpd_sender_login_maps 2020-11-04 15:53:50.000000000
+0100
@@ -0,0 +1,15 @@
+server_host = @LDAP_SERVER_URL@
+start_tls = no
+version = 3
+#tls_ca_cert_file = /etc/ldap/certs/CA/CA.pem
+tls_require_cert = yes
+
+bind = yes
+bind_dn = @LDAP_BIND_DN@
+bind_pw = @LDAP_BIND_PASSWORD@
+
+search_base = ou=mail,@LDAP_BASE_DN@
+scope = sub
+
+query_filter = (|(mailacceptinggeneralid=%s)(maildrop=%s))
+result_attribute = uid
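Review bot: `tls_require_cert = yes` only takes effect once TLS is negotiated (`start_tls = yes` or an `ldaps://` `server_host`), so with this template's default `start_tls = no` and an `ldap://` URL the bind credentials travel in the clear; a comment noting that the entrypoint flips this to yes by default would prevent the template from being copied as-is. `search_base = ou=mail,@LDAP_BASE_DN@` hard-codes the `ou=mail` container; making it a template variable, or at least documenting it in README, avoids surprises for sites with a different tree.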
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/entrypoint/ldap/virtual_alias_domains
new/entrypoint/ldap/virtual_alias_domains
--- old/entrypoint/ldap/virtual_alias_domains 1970-01-01 01:00:00.000000000
+0100
+++ new/entrypoint/ldap/virtual_alias_domains 2020-11-04 15:53:50.000000000
+0100
@@ -0,0 +1,16 @@
+server_host = @LDAP_SERVER_URL@
+start_tls = no
+version = 3
+#tls_ca_cert_file = /etc/ldap/certs/CA/CA.pem
+tls_require_cert = yes
+
+bind = yes
+bind_dn = @LDAP_BIND_DN@
+bind_pw = @LDAP_BIND_PASSWORD@
+
+search_base = ou=mail,@LDAP_BASE_DN@
+scope = sub
+
+query_filter = mailacceptinggeneralid=*@%s
+result_attribute = mailacceptinggeneralid
+result_format = %d
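Review bot: the wildcard filter `mailacceptinggeneralid=*@%s` is evaluated for every recipient domain Postfix sees, so the directory needs a suitable index on `mailacceptinggeneralid` or these lookups become the bottleneck under load; worth a note in README alongside the schema expectations.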
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/entrypoint/ldap/virtual_alias_maps
new/entrypoint/ldap/virtual_alias_maps
--- old/entrypoint/ldap/virtual_alias_maps 1970-01-01 01:00:00.000000000
+0100
+++ new/entrypoint/ldap/virtual_alias_maps 2020-11-04 15:53:50.000000000
+0100
@@ -0,0 +1,15 @@
+server_host = @LDAP_SERVER_URL@
+start_tls = no
+version = 3
+#tls_ca_cert_file = /etc/ldap/certs/CA/CA.pem
+tls_require_cert = yes
+
+bind = yes
+bind_dn = @LDAP_BIND_DN@
+bind_pw = @LDAP_BIND_PASSWORD@
+
+search_base = ou=mail,@LDAP_BASE_DN@
+scope = sub
+
+query_filter = mailacceptinggeneralid=%s
+result_attribute = maildrop
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/entrypoint/ldap/virtual_gid_maps
new/entrypoint/ldap/virtual_gid_maps
--- old/entrypoint/ldap/virtual_gid_maps 1970-01-01 01:00:00.000000000
+0100
+++ new/entrypoint/ldap/virtual_gid_maps 2020-11-04 15:53:50.000000000
+0100
@@ -0,0 +1,15 @@
+server_host = @LDAP_SERVER_URL@
+start_tls = no
+version = 3
+#tls_ca_cert_file = /etc/ldap/certs/CA/CA.pem
+tls_require_cert = yes
+
+bind = yes
+bind_dn = @LDAP_BIND_DN@
+bind_pw = @LDAP_BIND_PASSWORD@
+
+search_base = ou=mail,@LDAP_BASE_DN@
+scope = sub
+
+query_filter = maildrop=%s
+result_attribute = gidNumber
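Review bot: this map and virtual_uid_maps are generated by the entrypoint but never referenced from main.cf, which keeps `virtual_gid_maps` and `virtual_uid_maps` at `static:${VMAIL_UID}`; with `result_attribute = gidNumber` / `uidNumber` they would also require every mail account entry to carry those attributes, which the README does not mention. Either wire them in and document the schema, or drop the two templates.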
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/entrypoint/ldap/virtual_mailbox_maps
new/entrypoint/ldap/virtual_mailbox_maps
--- old/entrypoint/ldap/virtual_mailbox_maps 1970-01-01 01:00:00.000000000
+0100
+++ new/entrypoint/ldap/virtual_mailbox_maps 2020-11-04 15:53:50.000000000
+0100
@@ -0,0 +1,17 @@
+server_host = @LDAP_SERVER_URL@
+start_tls = no
+version = 3
+#tls_ca_cert_file = /etc/ldap/certs/CA/CA.pem
+tls_require_cert = yes
+
+bind = yes
+bind_dn = @LDAP_BIND_DN@
+bind_pw = @LDAP_BIND_PASSWORD@
+
+search_base = ou=mail,@LDAP_BASE_DN@
+scope = sub
+
+query_filter = maildrop=%s
+#result_attribute = homeDirectory
+#result_format = %s/Maildir/
+result_format = %u/
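Review bot: `result_attribute` is left commented out, so `%u/` is applied to the Postfix default attribute (`maildrop`); state that explicitly, because a reader may assume the lookup key is formatted. Since `%u` keeps only the local part, `user@a.example` and `user@b.example` both resolve to `/var/spool/vmail/user/`, unlike the hash-map layout in the entrypoint (`${domain}/${user}/`); if that is intended ("Only use username in vmail path"), document that local parts must be unique across all virtual domains.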
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/entrypoint/ldap/virtual_uid_maps
new/entrypoint/ldap/virtual_uid_maps
--- old/entrypoint/ldap/virtual_uid_maps 1970-01-01 01:00:00.000000000
+0100
+++ new/entrypoint/ldap/virtual_uid_maps 2020-11-04 15:53:50.000000000
+0100
@@ -0,0 +1,15 @@
+server_host = @LDAP_SERVER_URL@
+start_tls = no
+version = 3
+#tls_ca_cert_file = /etc/ldap/certs/CA/CA.pem
+tls_require_cert = yes
+
+bind = yes
+bind_dn = @LDAP_BIND_DN@
+bind_pw = @LDAP_BIND_PASSWORD@
+
+search_base = ou=mail,@LDAP_BASE_DN@
+scope = sub
+
+query_filter = maildrop=%s
+result_attribute = uidNumber
_______________________________________________
openSUSE Commits mailing list -- [email protected]
To unsubscribe, email [email protected]
List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette
List Archives:
https://lists.opensuse.org/archives/list/[email protected]