3 commits - configure.ac pykolab/auth pykolab/setup share/Makefile.am share/templates
Jeroen van Meeuwen
vanmeeuwen at kolabsys.com
Tue Aug 13 13:12:25 CEST 2013
configure.ac | 2
pykolab/auth/ldap/__init__.py | 5
pykolab/setup/setup_mta.py | 15 ++
share/Makefile.am | 3
share/templates/header_checks.inbound | 6
share/templates/header_checks.internal | 1
share/templates/header_checks.submission | 5
share/templates/master.cf.tpl | 202 ++++++++++---------------------
8 files changed, 103 insertions(+), 136 deletions(-)
New commits:
commit ce563590823fb40b3b20b17493714d37bbc45719
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Tue Aug 13 12:08:57 2013 +0100
Release 0.6.4
diff --git a/configure.ac b/configure.ac
index fef68a9..d710f9b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([pykolab], 0.6.3)
+AC_INIT([pykolab], 0.6.4)
AC_SUBST([RELEASE], 1)
AC_CONFIG_SRCDIR(pykolab/constants.py.in)
commit 33bb7fa7b46e553e0aeb5878163cf81490881683
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Tue Aug 13 11:53:47 2013 +0100
Add stripping certain headers using header_checks as a default
diff --git a/pykolab/setup/setup_mta.py b/pykolab/setup/setup_mta.py
index 9004e6b..ed30f50 100644
--- a/pykolab/setup/setup_mta.py
+++ b/pykolab/setup/setup_mta.py
@@ -237,6 +237,8 @@ result_format = shared+%%s
"transport_maps": "ldap:/etc/postfix/ldap/transport_maps.cf, hash:/etc/postfix/transport",
"virtual_alias_maps": "$alias_maps, ldap:/etc/postfix/ldap/virtual_alias_maps.cf, ldap:/etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf, ldap:/etc/postfix/ldap/mailenabled_distgroups.cf, ldap:/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf",
"smtpd_tls_auth_only": "yes",
+ "smtpd_tls_security_level": "may",
+ "smtp_tls_security_level": "may",
"smtpd_sasl_auth_enable": "yes",
"smtpd_sender_login_maps": "$relay_recipient_maps",
"smtpd_sender_restrictions": "permit_mynetworks, reject_sender_login_mismatch",
@@ -263,6 +265,19 @@ result_format = shared+%%s
'/etc/postfix/main.cf'
)
+ # Copy header checks files
+ for hc_file in [ 'inbound', 'internal', 'submission' ]:
+ if not os.path.isfile("/etc/postfix/header_checks.%s" % (hc_file)):
+ if os.path.isfile('/etc/kolab/templates/header_checks.%s' % (hc_file)):
+ input_file = '/etc/kolab/templates/header_checks.%s' % (hc_file)
+ elif os.path.isfile('/usr/share/kolab/templates/header_checks.%s' % (hc_file)):
+ input_file = '/usr/share/kolab/templates/header_checks.%s' % (hc_file)
+ elif os.path.isfile(os.path.abspath(os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'header_checks.%s' % (hc_file)))):
+ input_file = os.path.abspath(os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'header_checks.%s' % (hc_file)))
+
+ shutil.copy(input_file, "/etc/postfix/header_checks.%s" % (hc_file))
+ subprocess.call(["postmap", "/etc/postfix/header_checks.%s" % (hc_file)])
+
myaugeas = Augeas()
setting_base = '/files/etc/postfix/main.cf/'
diff --git a/share/Makefile.am b/share/Makefile.am
index b3174e1..fc80b0a 100644
--- a/share/Makefile.am
+++ b/share/Makefile.am
@@ -1,6 +1,7 @@
templatedir = $(datadir)/kolab/templates
template_DATA = \
- $(wildcard templates/*.tpl)
+ $(wildcard templates/*.tpl) \
+ $(wildcard templates/header_checks.*)
rctemplatedir = $(datadir)/kolab/templates/roundcubemail
rctemplate_DATA = \
diff --git a/share/templates/header_checks.inbound b/share/templates/header_checks.inbound
new file mode 100644
index 0000000..a824f84
--- /dev/null
+++ b/share/templates/header_checks.inbound
@@ -0,0 +1,6 @@
+/^X-Spam-Flag:.*YES/ REJECT
+/^X-Virus-Scanned:/ IGNORE
+/^X-Spam-Flag:.*NO/ IGNORE
+/^X-Spam-Score:/ IGNORE
+/^X-Spam-Level:/ IGNORE
+/^X-Spam-Status:/ IGNORE
diff --git a/share/templates/header_checks.internal b/share/templates/header_checks.internal
new file mode 100644
index 0000000..2976141
--- /dev/null
+++ b/share/templates/header_checks.internal
@@ -0,0 +1 @@
+/^Received:.*127\.0\.0\.1/ IGNORE
diff --git a/share/templates/header_checks.submission b/share/templates/header_checks.submission
new file mode 100644
index 0000000..4866ef8
--- /dev/null
+++ b/share/templates/header_checks.submission
@@ -0,0 +1,5 @@
+/^Received:.*with ESMTPSA/ IGNORE
+/^Received:.*127\.0\.0\.1/ IGNORE
+/^User-Agent:/ IGNORE
+/^X-Mailer:/ IGNORE
+/^Mime-Version:/ IGNORE
diff --git a/share/templates/master.cf.tpl b/share/templates/master.cf.tpl
index 161d053..44c983a 100644
--- a/share/templates/master.cf.tpl
+++ b/share/templates/master.cf.tpl
@@ -1,19 +1,17 @@
-#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
-#
# Do not forget to execute "postfix reload" after editing this file.
-#
-# ==========================================================================
-# service type private unpriv chroot wakeup maxproc command + args
-# (yes) (yes) (yes) (never) (100)
-# ==========================================================================
-smtp inet n - n - - smtpd
-#smtp inet n - n - 1 postscreen
-#smtpd pass - - n - - smtpd
-#dnsblog unix - - n - 0 dnsblog
-#tlsproxy unix - - n - 0 tlsproxy
-submission inet n - n - - smtpd
+# ==============================================================================
+# service type private unpriv chroot wakeup maxproc command
+# (yes) (yes) (yes) (never) (100) + args
+# ==============================================================================
+smtp inet n - n - - smtpd
+#smtp inet n - n - 1 postscreen
+#smtpd pass - - n - - smtpd
+#dnsblog unix - - n - 0 dnsblog
+#tlsproxy unix - - n - 0 tlsproxy
+submission inet n - n - - smtpd
+ -o cleanup_service_name=cleanup_submission
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
@@ -23,119 +21,58 @@ submission inet n - n - - smtpd
-o smtpd_recipient_restrictions=\$submission_recipient_restrictions
-o smtpd_sender_restrictions=\$submission_sender_restrictions
-#smtps inet n - n - - smtpd
-# -o syslog_name=postfix/smtps
-# -o smtpd_tls_wrappermode=yes
-# -o smtpd_sasl_auth_enable=yes
-# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
-# -o milter_macro_daemon_name=ORIGINATING
-#628 inet n - n - - qmqpd
-pickup fifo n - n 60 1 pickup
-cleanup unix n - n - 0 cleanup
-qmgr fifo n - n 300 1 qmgr
-#qmgr fifo n - n 300 1 oqmgr
-tlsmgr unix - - n 1000? 1 tlsmgr
-rewrite unix - - n - - trivial-rewrite
-bounce unix - - n - 0 bounce
-defer unix - - n - 0 bounce
-trace unix - - n - 0 bounce
-verify unix - - n - 1 verify
-flush unix n - n 1000? 0 flush
-proxymap unix - - n - - proxymap
-proxywrite unix - - n - 1 proxymap
-smtp unix - - n - - smtp
-relay unix - - n - - smtp
-# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
-showq unix n - n - - showq
-error unix - - n - - error
-retry unix - - n - - error
-discard unix - - n - - discard
-local unix - n n - - local
-virtual unix - n n - - virtual
-lmtp unix - - n - - lmtp
-anvil unix - - n - 1 anvil
-scache unix - - n - 1 scache
-#
-# ====================================================================
-# Interfaces to non-Postfix software. Be sure to examine the manual
-# pages of the non-Postfix software to find out what options it wants.
-#
-# Many of the following services use the Postfix pipe(8) delivery
-# agent. See the pipe(8) man page for information about \${recipient}
-# and other message envelope options.
-# ====================================================================
-#
-# maildrop. See the Postfix MAILDROP_README file for details.
-# Also specify in main.cf: maildrop_destination_recipient_limit=1
-#
-#maildrop unix - n n - - pipe
-# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d \${recipient}
-#
-# ====================================================================
-#
-# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
-#
-# Specify in cyrus.conf:
-# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
-#
-# Specify in main.cf one or more of the following:
-# mailbox_transport = lmtp:inet:localhost
-# virtual_transport = lmtp:inet:localhost
-#
-# ====================================================================
-#
-# Cyrus 2.1.5 (Amos Gouaux)
-# Also specify in main.cf: cyrus_destination_recipient_limit=1
-#
-#cyrus unix - n n - - pipe
-# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r \${sender} -m \${extension} \${user}
-#
-# ====================================================================
-#
-# Old example of delivery via Cyrus.
-#
-#old-cyrus unix - n n - - pipe
-# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m \${extension} \${user}
-#
-# ====================================================================
-#
-# See the Postfix UUCP_README file for configuration details.
-#
-#uucp unix - n n - - pipe
-# flags=Fqhu user=uucp argv=uux -r -n -z -a\$sender - \$nexthop!rmail (\$recipient)
-#
-# ====================================================================
-#
-# Other external delivery methods.
-#
-#ifmail unix - n n - - pipe
-# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r \$nexthop (\$recipient)
-#
-#bsmtp unix - n n - - pipe
-# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f \$sender \$nexthop \$recipient
-#
-#scalemail-backend unix - n n - 2 pipe
-# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
-# \${nexthop} \${user} \${extension}
-#
-#mailman unix - n n - - pipe
-# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
-# \${nexthop} \${user}
+#smtps inet n - n - - smtpd
+# -o syslog_name=postfix/smtps
+# -o smtpd_tls_wrappermode=yes
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+#628 inet n - n - - qmqpd
+pickup fifo n - n 60 1 pickup
+cleanup unix n - n - 0 cleanup
+ -o header_checks=regexp:/etc/postfix/header_checks.inbound
+ -o mime_header_checks=regexp:/etc/postfix/header_checks.inbound
+cleanup_internal unix n - n - 0 cleanup
+ -o header_checks=regexp:/etc/postfix/header_checks.internal
+ -o mime_header_checks=regexp:/etc/postfix/header_checks.internal
+cleanup_submission unix n - n - 0 cleanup
+ -o header_checks=regexp:/etc/postfix/header_checks.submission
+ -o mime_header_checks=regexp:/etc/postfix/header_checks.submission
+qmgr fifo n - n 300 1 qmgr
+#qmgr fifo n - n 300 1 oqmgr
+tlsmgr unix - - n 1000? 1 tlsmgr
+rewrite unix - - n - - trivial-rewrite
+bounce unix - - n - 0 bounce
+defer unix - - n - 0 bounce
+trace unix - - n - 0 bounce
+verify unix - - n - 1 verify
+flush unix n - n 1000? 0 flush
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+smtp unix - - n - - smtp
+relay unix - - n - - smtp
+showq unix n - n - - showq
+error unix - - n - - error
+retry unix - - n - - error
+discard unix - - n - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - n - - lmtp
+anvil unix - - n - 1 anvil
+scache unix - - n - 1 scache
-#
# Filter email through Amavisd
-#
-smtp-amavis unix - - n - 3 smtp
+smtp-amavis unix - - n - 3 smtp
-o smtp_data_done_timeout=1800
-o disable_dns_lookups=yes
-o smtp_send_xforward_command=yes
-o max_use=20
+ -o smtp_bind_address=127.0.0.1
-#
# Listener to re-inject email from Amavisd into Postfix
-#
-127.0.0.1:10025 inet n - n - 100 smtpd
- -o content_filter=smtp-wallace:[127.0.0.1]:10026
+127.0.0.1:10025 inet n - n - 100 smtpd
+ -o cleanup_service_name=cleanup_internal
+ -o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
@@ -146,19 +83,16 @@ smtp-amavis unix - - n - 3 smtp
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-#
# Filter email through Wallace
-#
-smtp-wallace unix - - n - 3 smtp
+smtp-wallace unix - - n - 3 smtp
-o smtp_data_done_timeout=1800
-o disable_dns_lookups=yes
-o smtp_send_xforward_command=yes
-o max_use=20
-#
# Listener to re-inject email from Wallace into Postfix
-#
-127.0.0.1:10027 inet n - n - 100 smtpd
+127.0.0.1:10027 inet n - n - 100 smtpd
+ -o cleanup_service_name=cleanup_internal
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
@@ -170,18 +104,18 @@ smtp-wallace unix - - n - 3 smtp
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-recipient_policy unix - n n - - spawn
- user=kolab-n argv=${kolab_sap_executable_path} --verify-recipient
+recipient_policy unix - n n - - spawn
+ user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-recipient
-recipient_policy_incoming unix - n n - - spawn
- user=kolab-n argv=${kolab_sap_executable_path} --verify-recipient --allow-unauthenticated
+recipient_policy_incoming unix - n n - - spawn
+ user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-recipient --allow-unauthenticated
-sender_policy unix - n n - - spawn
- user=kolab-n argv=${kolab_sap_executable_path} --verify-sender
+sender_policy unix - n n - - spawn
+ user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-sender
-sender_policy_incoming unix - n n - - spawn
- user=kolab-n argv=${kolab_sap_executable_path} --verify-sender --allow-unauthenticated
+sender_policy_incoming unix - n n - - spawn
+ user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-sender --allow-unauthenticated
-submission_policy unix - n n - - spawn
- user=kolab-n argv=${kolab_sap_executable_path} --verify-sender --verify-recipient
+submission_policy unix - n n - - spawn
+ user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-sender --verify-recipient
commit 152bd708a2b3e4816faef0ebec7a5dbf7f3b8120
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Tue Aug 13 11:44:26 2013 +0100
Attempt to convert the current LDAP quota to an integer and fail silently should this fail
diff --git a/pykolab/auth/ldap/__init__.py b/pykolab/auth/ldap/__init__.py
index 22c3dfa..341ae32 100644
--- a/pykolab/auth/ldap/__init__.py
+++ b/pykolab/auth/ldap/__init__.py
@@ -979,6 +979,11 @@ class LDAP(pykolab.base.Base):
}
)
+ try:
+ current_ldap_quota = (int)(current_ldap_quota)
+ except:
+ current_ldap_quota = None
+
if not current_ldap_quota == None:
if not new_quota == (int)(current_ldap_quota):
self.set_entry_attribute(
More information about the commits
mailing list