3 commits - configure.ac pykolab/auth pykolab/setup share/Makefile.am share/templates

Jeroen van Meeuwen vanmeeuwen at kolabsys.com
Tue Aug 13 13:12:25 CEST 2013


 configure.ac                             |    2 
 pykolab/auth/ldap/__init__.py            |    5 
 pykolab/setup/setup_mta.py               |   15 ++
 share/Makefile.am                        |    3 
 share/templates/header_checks.inbound    |    6 
 share/templates/header_checks.internal   |    1 
 share/templates/header_checks.submission |    5 
 share/templates/master.cf.tpl            |  202 ++++++++++---------------------
 8 files changed, 103 insertions(+), 136 deletions(-)

New commits:
commit ce563590823fb40b3b20b17493714d37bbc45719
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Tue Aug 13 12:08:57 2013 +0100

    Release 0.6.4

diff --git a/configure.ac b/configure.ac
index fef68a9..d710f9b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([pykolab], 0.6.3)
+AC_INIT([pykolab], 0.6.4)
 AC_SUBST([RELEASE], 1)
 
 AC_CONFIG_SRCDIR(pykolab/constants.py.in)


commit 33bb7fa7b46e553e0aeb5878163cf81490881683
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Tue Aug 13 11:53:47 2013 +0100

    Add stripping certain headers using header_checks as a default

diff --git a/pykolab/setup/setup_mta.py b/pykolab/setup/setup_mta.py
index 9004e6b..ed30f50 100644
--- a/pykolab/setup/setup_mta.py
+++ b/pykolab/setup/setup_mta.py
@@ -237,6 +237,8 @@ result_format = shared+%%s
             "transport_maps": "ldap:/etc/postfix/ldap/transport_maps.cf, hash:/etc/postfix/transport",
             "virtual_alias_maps": "$alias_maps, ldap:/etc/postfix/ldap/virtual_alias_maps.cf, ldap:/etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf, ldap:/etc/postfix/ldap/mailenabled_distgroups.cf, ldap:/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf",
             "smtpd_tls_auth_only": "yes",
+            "smtpd_tls_security_level": "may",
+            "smtp_tls_security_level": "may",
             "smtpd_sasl_auth_enable": "yes",
             "smtpd_sender_login_maps": "$relay_recipient_maps",
             "smtpd_sender_restrictions": "permit_mynetworks, reject_sender_login_mismatch",
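Review bot: The two added `*_tls_security_level` entries configure opportunistic TLS, and this settings dict should carry a comment saying so, because `may` still allows plaintext delivery and performs no certificate verification on the outbound side. A line such as `# "may" = opportunistic STARTTLS; plaintext fallback is allowed, enforce per destination via smtp_tls_policy_maps where required` above the two entries would make the trade-off visible. Whether a server certificate is configured elsewhere in this dict cannot be seen from the hunk; without one the smtpd side will likely not offer STARTTLS, and with `smtpd_tls_auth_only` set to `yes` AUTH would then not be offered on that listener either, so this is worth confirming. The dict and its enclosing function start outside the hunk.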
@@ -263,6 +265,19 @@ result_format = shared+%%s
                     '/etc/postfix/main.cf'
                 )
 
+    # Copy header checks files
+    for hc_file in [ 'inbound', 'internal', 'submission' ]:
+    if not os.path.isfile("/etc/postfix/header_checks.%s" % (hc_file)):
+        if os.path.isfile('/etc/kolab/templates/header_checks.%s' % (hc_file)):
+            input_file = '/etc/kolab/templates/header_checks.%s' % (hc_file)
+        elif os.path.isfile('/usr/share/kolab/templates/header_checks.%s' % (hc_file)):
+            input_file = '/usr/share/kolab/templates/header_checks.%s' % (hc_file)
+        elif os.path.isfile(os.path.abspath(os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'header_checks.%s' % (hc_file)))):
+            input_file = os.path.abspath(os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'header_checks.%s' % (hc_file)))
+
+        shutil.copy(input_file, "/etc/postfix/header_checks.%s" % (hc_file))
+        subprocess.call(["postmap", "/etc/postfix/header_checks.%s" % (hc_file)])
+
     myaugeas = Augeas()
 
     setting_base = '/files/etc/postfix/main.cf/'
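Review bot: The body of the added `for hc_file in ...` loop is not indented under the `for` line as shown here, so unless the archive altered the whitespace this is a syntax error. Even once indented, `input_file` is never assigned when none of the three template paths exists, so `shutil.copy` raises NameError on the first iteration or copies the previous iteration's template into the wrong header_checks file on a later one. The return value of `subprocess.call` is discarded, and since master.cf.tpl reads these files as `regexp:` tables, which Postfix reads as plain text, the `postmap` step looks unnecessary. The sketch below resolves the template afresh on each iteration and skips the copy when none is found; the enclosing function starts and ends outside the hunk.

```python
    # Copy header checks files
    for hc_file in ['inbound', 'internal', 'submission']:
        target = "/etc/postfix/header_checks.%s" % (hc_file)
        if os.path.isfile(target):
            # Never overwrite a table the administrator already has in place.
            continue

        candidates = [
            '/etc/kolab/templates/header_checks.%s' % (hc_file),
            '/usr/share/kolab/templates/header_checks.%s' % (hc_file),
            os.path.abspath(os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'header_checks.%s' % (hc_file))),
        ]

        # Reset per iteration so a missing template cannot reuse the previous file.
        input_file = None
        for candidate in candidates:
            if os.path.isfile(candidate):
                input_file = candidate
                break

        if input_file is None:
            # No template found: surface this to the operator here, because
            # master.cf.tpl references the file.
            continue

        shutil.copy(input_file, target)
        # … unchanged: postmap call (check its return value if it is kept) …
```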
diff --git a/share/Makefile.am b/share/Makefile.am
index b3174e1..fc80b0a 100644
--- a/share/Makefile.am
+++ b/share/Makefile.am
@@ -1,6 +1,7 @@
 templatedir = $(datadir)/kolab/templates
 template_DATA = \
-	$(wildcard templates/*.tpl)
+	$(wildcard templates/*.tpl) \
+	$(wildcard templates/header_checks.*)
 
 rctemplatedir = $(datadir)/kolab/templates/roundcubemail
 rctemplate_DATA = \
diff --git a/share/templates/header_checks.inbound b/share/templates/header_checks.inbound
new file mode 100644
index 0000000..a824f84
--- /dev/null
+++ b/share/templates/header_checks.inbound
@@ -0,0 +1,6 @@
+/^X-Spam-Flag:.*YES/    REJECT
+/^X-Virus-Scanned:/     IGNORE
+/^X-Spam-Flag:.*NO/     IGNORE
+/^X-Spam-Score:/        IGNORE
+/^X-Spam-Level:/        IGNORE
+/^X-Spam-Status:/       IGNORE
diff --git a/share/templates/header_checks.internal b/share/templates/header_checks.internal
new file mode 100644
index 0000000..2976141
--- /dev/null
+++ b/share/templates/header_checks.internal
@@ -0,0 +1 @@
+/^Received:.*127\.0\.0\.1/  IGNORE
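Review bot: The pattern `/^Received:.*127\.0\.0\.1/` matches the loopback address anywhere in a Received header, so it removes not only this host's own content-filter hops but also any upstream relay's header that happens to mention 127.0.0.1; the same rule appears in header_checks.submission. Dropping trace headers that this server did not add loses information needed for incident analysis, and Postfix counts Received headers for its hop-count loop protection. Consider anchoring the pattern on the form this host writes for the local re-injection hop, for example `/^Received: from localhost \(localhost \[127\.0\.0\.1\]\)/  IGNORE` (exact text to be confirmed against a real header), and adding a comment that states the purpose.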
diff --git a/share/templates/header_checks.submission b/share/templates/header_checks.submission
new file mode 100644
index 0000000..4866ef8
--- /dev/null
+++ b/share/templates/header_checks.submission
@@ -0,0 +1,5 @@
+/^Received:.*with ESMTPSA/  IGNORE
+/^Received:.*127\.0\.0\.1/  IGNORE
+/^User-Agent:/              IGNORE
+/^X-Mailer:/                IGNORE
+/^Mime-Version:/            IGNORE
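Review bot: `/^Mime-Version:/ IGNORE` deletes the MIME-Version header from every submitted message, and a message without it is no longer declared as MIME, so recipients may show multipart or encoded bodies as raw text. Unless there is a reason not visible here, that rule should be dropped; stripping `User-Agent` and `X-Mailer` already covers client fingerprinting. The `Received:.*with ESMTPSA` rule removes the record of the authenticated submission hop from the message itself, so the mail log becomes the only place to trace which client submitted a message; a comment such as `# hide the submitting client's address; the submission hop is still in the mail log` would make that explicit.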
diff --git a/share/templates/master.cf.tpl b/share/templates/master.cf.tpl
index 161d053..44c983a 100644
--- a/share/templates/master.cf.tpl
+++ b/share/templates/master.cf.tpl
@@ -1,19 +1,17 @@
-#
 # Postfix master process configuration file.  For details on the format
 # of the file, see the master(5) manual page (command: "man 5 master").
-#
 # Do not forget to execute "postfix reload" after editing this file.
-#
-# ==========================================================================
-# service type  private unpriv  chroot  wakeup  maxproc command + args
-#               (yes)   (yes)   (yes)   (never) (100)
-# ==========================================================================
-smtp      inet  n       -       n       -       -       smtpd
-#smtp      inet  n       -       n       -       1       postscreen
-#smtpd     pass  -       -       n       -       -       smtpd
-#dnsblog   unix  -       -       n       -       0       dnsblog
-#tlsproxy  unix  -       -       n       -       0       tlsproxy
-submission inet n       -       n       -       -       smtpd
+# ==============================================================================
+# service           type  private   unpriv  chroot  wakeup  maxproc     command
+#                           (yes)    (yes)   (yes)   (never) (100)       + args
+# ==============================================================================
+smtp                inet        n       -       n       -       -       smtpd
+#smtp               inet        n       -       n       -       1       postscreen
+#smtpd              pass        -       -       n       -       -       smtpd
+#dnsblog            unix        -       -       n       -       0       dnsblog
+#tlsproxy           unix        -       -       n       -       0       tlsproxy
+submission          inet        n       -       n       -       -       smtpd
+    -o cleanup_service_name=cleanup_submission
     -o syslog_name=postfix/submission
     -o smtpd_tls_security_level=encrypt
     -o smtpd_sasl_auth_enable=yes
@@ -23,119 +21,58 @@ submission inet n       -       n       -       -       smtpd
     -o smtpd_recipient_restrictions=\$submission_recipient_restrictions
     -o smtpd_sender_restrictions=\$submission_sender_restrictions
 
-#smtps     inet  n       -       n       -       -       smtpd
-#  -o syslog_name=postfix/smtps
-#  -o smtpd_tls_wrappermode=yes
-#  -o smtpd_sasl_auth_enable=yes
-#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
-#  -o milter_macro_daemon_name=ORIGINATING
-#628       inet  n       -       n       -       -       qmqpd
-pickup    fifo  n       -       n       60      1       pickup
-cleanup   unix  n       -       n       -       0       cleanup
-qmgr      fifo  n       -       n       300     1       qmgr
-#qmgr     fifo  n       -       n       300     1       oqmgr
-tlsmgr    unix  -       -       n       1000?   1       tlsmgr
-rewrite   unix  -       -       n       -       -       trivial-rewrite
-bounce    unix  -       -       n       -       0       bounce
-defer     unix  -       -       n       -       0       bounce
-trace     unix  -       -       n       -       0       bounce
-verify    unix  -       -       n       -       1       verify
-flush     unix  n       -       n       1000?   0       flush
-proxymap  unix  -       -       n       -       -       proxymap
-proxywrite unix -       -       n       -       1       proxymap
-smtp      unix  -       -       n       -       -       smtp
-relay     unix  -       -       n       -       -       smtp
-#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
-showq     unix  n       -       n       -       -       showq
-error     unix  -       -       n       -       -       error
-retry     unix  -       -       n       -       -       error
-discard   unix  -       -       n       -       -       discard
-local     unix  -       n       n       -       -       local
-virtual   unix  -       n       n       -       -       virtual
-lmtp      unix  -       -       n       -       -       lmtp
-anvil     unix  -       -       n       -       1       anvil
-scache    unix  -       -       n       -       1       scache
-#
-# ====================================================================
-# Interfaces to non-Postfix software. Be sure to examine the manual
-# pages of the non-Postfix software to find out what options it wants.
-#
-# Many of the following services use the Postfix pipe(8) delivery
-# agent.  See the pipe(8) man page for information about \${recipient}
-# and other message envelope options.
-# ====================================================================
-#
-# maildrop. See the Postfix MAILDROP_README file for details.
-# Also specify in main.cf: maildrop_destination_recipient_limit=1
-#
-#maildrop  unix  -       n       n       -       -       pipe
-#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d \${recipient}
-#
-# ====================================================================
-#
-# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
-#
-# Specify in cyrus.conf:
-#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
-#
-# Specify in main.cf one or more of the following:
-#  mailbox_transport = lmtp:inet:localhost
-#  virtual_transport = lmtp:inet:localhost
-#
-# ====================================================================
-#
-# Cyrus 2.1.5 (Amos Gouaux)
-# Also specify in main.cf: cyrus_destination_recipient_limit=1
-#
-#cyrus     unix  -       n       n       -       -       pipe
-#  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r \${sender} -m \${extension} \${user}
-#
-# ====================================================================
-#
-# Old example of delivery via Cyrus.
-#
-#old-cyrus unix  -       n       n       -       -       pipe
-#  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m \${extension} \${user}
-#
-# ====================================================================
-#
-# See the Postfix UUCP_README file for configuration details.
-#
-#uucp      unix  -       n       n       -       -       pipe
-#  flags=Fqhu user=uucp argv=uux -r -n -z -a\$sender - \$nexthop!rmail (\$recipient)
-#
-# ====================================================================
-#
-# Other external delivery methods.
-#
-#ifmail    unix  -       n       n       -       -       pipe
-#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r \$nexthop (\$recipient)
-#
-#bsmtp     unix  -       n       n       -       -       pipe
-#  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f \$sender \$nexthop \$recipient
-#
-#scalemail-backend unix -       n       n       -       2       pipe
-#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
-#  \${nexthop} \${user} \${extension}
-#
-#mailman   unix  -       n       n       -       -       pipe
-#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
-#  \${nexthop} \${user}
+#smtps               inet        n       -       n       -       -       smtpd
+#    -o syslog_name=postfix/smtps
+#    -o smtpd_tls_wrappermode=yes
+#    -o smtpd_sasl_auth_enable=yes
+#    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+#    -o milter_macro_daemon_name=ORIGINATING
+#628                inet        n       -       n       -       -       qmqpd
+pickup              fifo        n       -       n       60      1       pickup
+cleanup             unix        n       -       n       -       0       cleanup
+    -o header_checks=regexp:/etc/postfix/header_checks.inbound
+    -o mime_header_checks=regexp:/etc/postfix/header_checks.inbound
+cleanup_internal    unix        n       -       n       -       0       cleanup
+    -o header_checks=regexp:/etc/postfix/header_checks.internal
+    -o mime_header_checks=regexp:/etc/postfix/header_checks.internal
+cleanup_submission  unix        n       -       n       -       0       cleanup
+    -o header_checks=regexp:/etc/postfix/header_checks.submission
+    -o mime_header_checks=regexp:/etc/postfix/header_checks.submission
+qmgr                fifo        n       -       n       300     1       qmgr
+#qmgr               fifo        n       -       n       300     1       oqmgr
+tlsmgr              unix        -       -       n       1000?   1       tlsmgr
+rewrite             unix        -       -       n       -       -       trivial-rewrite
+bounce              unix        -       -       n       -       0       bounce
+defer               unix        -       -       n       -       0       bounce
+trace               unix        -       -       n       -       0       bounce
+verify              unix        -       -       n       -       1       verify
+flush               unix        n       -       n       1000?   0       flush
+proxymap            unix        -       -       n       -       -       proxymap
+proxywrite          unix        -       -       n       -       1       proxymap
+smtp                unix        -       -       n       -       -       smtp
+relay               unix        -       -       n       -       -       smtp
+showq               unix        n       -       n       -       -       showq
+error               unix        -       -       n       -       -       error
+retry               unix        -       -       n       -       -       error
+discard             unix        -       -       n       -       -       discard
+local               unix        -       n       n       -       -       local
+virtual             unix        -       n       n       -       -       virtual
+lmtp                unix        -       -       n       -       -       lmtp
+anvil               unix        -       -       n       -       1       anvil
+scache              unix        -       -       n       -       1       scache
 
-#
 # Filter email through Amavisd
-#
-smtp-amavis     unix    -   -   n   -       3   smtp
+smtp-amavis         unix        -       -       n       -       3       smtp
     -o smtp_data_done_timeout=1800
     -o disable_dns_lookups=yes
     -o smtp_send_xforward_command=yes
     -o max_use=20
+    -o smtp_bind_address=127.0.0.1
 
-#
 # Listener to re-inject email from Amavisd into Postfix
-#
-127.0.0.1:10025 inet    n   -   n   -       100 smtpd
-    -o content_filter=smtp-wallace:[127.0.0.1]:10026
+127.0.0.1:10025     inet        n       -       n       -       100     smtpd
+    -o cleanup_service_name=cleanup_internal
+    -o content_filter=
     -o local_recipient_maps=
     -o relay_recipient_maps=
     -o smtpd_restriction_classes=
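Review bot: On the `127.0.0.1:10025` re-injection listener, `-o content_filter=smtp-wallace:[127.0.0.1]:10026` becomes `-o content_filter=`, so mail returning from Amavis is no longer handed to Wallace by this listener, while the `smtp-wallace` transport and the 10027 listener stay defined. The commit message mentions only header stripping, so if Wallace is meant to remain in the path the original value should be kept: `-o content_filter=smtp-wallace:[127.0.0.1]:10026`. If the removal is intended, say so in the commit message and add a comment above the listener. The option list of this listener continues past the end of the hunk.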
@@ -146,19 +83,16 @@ smtp-amavis     unix    -   -   n   -       3   smtp
     -o mynetworks=127.0.0.0/8
     -o smtpd_authorized_xforward_hosts=127.0.0.0/8
 
-#
 # Filter email through Wallace
-#
-smtp-wallace    unix    -   -   n   -       3   smtp
+smtp-wallace        unix        -       -       n       -       3       smtp
     -o smtp_data_done_timeout=1800
     -o disable_dns_lookups=yes
     -o smtp_send_xforward_command=yes
     -o max_use=20
 
-#
 # Listener to re-inject email from Wallace into Postfix
-#
-127.0.0.1:10027 inet    n   -   n   -       100 smtpd
+127.0.0.1:10027     inet        n       -       n       -       100     smtpd
+    -o cleanup_service_name=cleanup_internal
     -o content_filter=
     -o local_recipient_maps=
     -o relay_recipient_maps=
@@ -170,18 +104,18 @@ smtp-wallace    unix    -   -   n   -       3   smtp
     -o mynetworks=127.0.0.0/8
     -o smtpd_authorized_xforward_hosts=127.0.0.0/8
 
-recipient_policy unix    -   n   n   -       -   spawn
-    user=kolab-n argv=${kolab_sap_executable_path} --verify-recipient
+recipient_policy    unix        -       n       n       -       -       spawn
+    user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-recipient
 
-recipient_policy_incoming unix - n n -       -   spawn
-    user=kolab-n argv=${kolab_sap_executable_path} --verify-recipient --allow-unauthenticated
+recipient_policy_incoming unix  -       n       n       -       -       spawn
+    user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-recipient --allow-unauthenticated
 
-sender_policy    unix    -   n   n   -       -   spawn
-    user=kolab-n argv=${kolab_sap_executable_path} --verify-sender
+sender_policy       unix        -       n       n       -       -       spawn
+    user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-sender
 
-sender_policy_incoming unix - n  n   -       -   spawn
-    user=kolab-n argv=${kolab_sap_executable_path} --verify-sender --allow-unauthenticated
+sender_policy_incoming unix     -       n       n       -       -       spawn
+    user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-sender --allow-unauthenticated
 
-submission_policy unix - n n - - spawn
-    user=kolab-n argv=${kolab_sap_executable_path} --verify-sender --verify-recipient
+submission_policy   unix        -       n       n       -       -       spawn
+    user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-sender --verify-recipient
 
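Review bot: The five policy services now hard-code `argv=/usr/libexec/postfix/kolab_smtp_access_policy` where the template previously used `${kolab_sap_executable_path}`, which ties the template to platforms that install the policy script under /usr/libexec. Where the script lives elsewhere the `spawn` services cannot start it, and the restrictions that consult these policy services would presumably fail for all mail. Keeping the substitution, e.g. `user=kolab-n argv=${kolab_sap_executable_path} --verify-recipient`, preserves the per-platform path; if the variable was dropped on purpose, the reason belongs in the commit message.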


commit 152bd708a2b3e4816faef0ebec7a5dbf7f3b8120
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Tue Aug 13 11:44:26 2013 +0100

    Attempt to convert the current LDAP quota to an integer and fail silently should this fail

diff --git a/pykolab/auth/ldap/__init__.py b/pykolab/auth/ldap/__init__.py
index 22c3dfa..341ae32 100644
--- a/pykolab/auth/ldap/__init__.py
+++ b/pykolab/auth/ldap/__init__.py
@@ -979,6 +979,11 @@ class LDAP(pykolab.base.Base):
                 }
             )
 
+        try:
+            current_ldap_quota = (int)(current_ldap_quota)
+        except:
+            current_ldap_quota = None
+
         if not current_ldap_quota == None:
             if not new_quota == (int)(current_ldap_quota):
                 self.set_entry_attribute(
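Review bot: The bare `except:` in the added block also swallows KeyboardInterrupt, SystemExit and any unrelated error raised during the conversion; `except (TypeError, ValueError):` covers what `int()` raises for a missing or non-numeric value. Setting `current_ldap_quota = None` without logging means a malformed quota attribute in LDAP is skipped silently by the `if not current_ldap_quota == None` branch and never reported, so a log line naming the entry and the rejected value would help operators notice it. After this block the second `(int)(current_ldap_quota)` in the comparison is redundant. The enclosing method starts and ends outside the hunk.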



