Raffinement des groups pour les mails

darcs-hash:20071130042026-af139-4f9e70a02476292e51f65ecae83039c7ffb882f2.gz
2007-11-30 05:20:26 +01:00 · 2007-11-30 05:20:26 +01:00 · ab9c40c8ec
commit ab9c40c8ec
parent 9d7da83abb
7 changed files with 259 additions and 46 deletions
--- a/Bundler/postfix.xml
+++ b/Bundler/postfix.xml
@ -3,10 +3,23 @@
  <Service name="postfix"/>
  <ConfigFile name="/etc/postfix/main.cf"/>
  <ConfigFile name="/etc/postfix/master.cf"/>
  <Group name="mail-mx">
    <!-- Suivant le backend de base de donnees utilise -->
    <Group name="ldap">
      <Package name="postfix-ldap"/>
      <ConfigFile name="ldap-aliases.cf"/>
      <ConfigFile name="ldap-canonical.cf"/>
    </Group>
    <Group name="pgsql">
      <Package name="postfix-pgsql"/>
      <ConfigFile name="pgsql-aliases.cf"/>
      <ConfigFile name="pgsql-canonical.cf"/>
    </Group>
    <!-- Greylisting pour les MX publics -->
    <Group name="postfix-mx-public">
      <ConfigFile name="ldap-sqlgrey.cf"/>
    </Group>
  </Group>
 </Bundle>
--- a/Bundler/postfix_canonical.xml
+++ b/Bundler/postfix_canonical.xml
@ -3,8 +3,4 @@
    <ConfigFile name="/etc/postfix/canonical"/>
    <Action name="update-postfix-canonical"/>
  </Group>
  <Group name="mail-mx-secours">
    <ConfigFile name="/etc/postfix/canonical"/>
    <Action name="update-postfix-canonical"/>
  </Group>
 </Bundle>
--- a/Bundler/postfix_sqlgrey_recipient_access.xml
+++ b/Bundler/postfix_sqlgrey_recipient_access.xml
@ -1,6 +0,0 @@
 <Bundle name="postfix_sqlgrey_recipient_access" version="2.0">
  <Group name="mail-mx">
    <ConfigFile name="/etc/postfix/sqlgrey_recipient_access"/>
    <Action name="update-postfix-sqlgrey_recipient_access"/>
  </Group>
 </Bundle>
--- a/Cfg/etc/postfix/main.cf/main.cf.G50_mail-satellite
+++ b/Cfg/etc/postfix/main.cf/main.cf.G50_mail-satellite
@ -0,0 +1,25 @@
 # -*- coding: utf-8; mode: conf-unix -*-
 #
 # Fichier gere par BCfg2
 # Les mails viennent de @crans.org
 myorigin = crans.org
 # Alias
 alias_database = hash:/etc/postfix/aliases
 alias_maps = $alias_database
 # Les mails sont envoyes a notre MX
 relayhost = smtp.adm.crans.org
 # Utilisation locale uniquement
 mynetworks = 127.0.0.0/8
 inet_interfaces = loopback-only
 # Reecriture des entetes: @host.crans.org -> @crans.org
 canonical_maps = regexp:/etc/postfix/canonical
 # Autres
 recipient_delimiter =
 smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
 biff = no
--- a/Metadata/groups.xml
+++ b/Metadata/groups.xml
@ -13,7 +13,6 @@
 	 profile="true">
    <Group name="basic"/>
    <Group name="users"/>
    <Group name="mail-delivery"/>
  </Group>
  <Group name="rouge"
@ -66,6 +65,8 @@
  <Group name="mailing-list-manager"
 	 comment="gestion des listes de diffusion">
    <Group name="mailman"/>
    <!-- Mailman a besoin d'un smtp -->
    <Group name="mail-mx"/>
  </Group>
  <!-- -->
@ -78,7 +79,10 @@
  <!-- -->
  <Group name="users"
-	 comment="le serveur sur les adherent peuvent se logger"/>
+	 comment="le serveur sur les adherent peuvent se logger">
    <!-- C'est aussi le serveur qui fait la delivrance local des mails -->
    <Group name="mail-mx"/>
  </Group>
  <Group name="db-main"
 	 comment="le serveur qui contient la base du crans"
@ -93,15 +97,19 @@
  </Group>
  <Group name="mail-mx-main"
-	 comment="serveur de recpetion des mails principal"
+	 comment="smtp principal de l'association"
 	 category="mail-mx">
    <Group name="mail-mx"/>
    <!-- Ca c'est pour distinguer les smtp qui ne sont utilise que en interne
 	 comme le serveur des adherents par exemple -->
    <Group name="mail-mx-public"/>
  </Group>
  <Group name="mail-mx-secondary"
 	 comment="serveur de recpetion des mails principal"
 	 category="mail-mx">
    <Group name="mail-mx"/>
    <Group name="mail-mx-public"/>
  </Group>
  <!-- -->
@ -133,7 +141,7 @@
    <Bundle name="ldap"/>
  </Group>
-  <Group name="postgresql"
+  <Group name="pgsql"
 	 comment="base de donnee postgresql"
 	 category="db-backend"/>
@ -144,7 +152,6 @@
    <Bundle name="postfix_transport"/>
    <Bundle name="postfix_virtual"/>
    <Bundle name="postfix_canonical"/>
    <Bundle name="postfix_sqlgrey_recipient_access"/>
    <Bundle name="postfix_mime_header_checks"/>
  </Group>
--- a/TCheetah/etc/postfix/main.cf/template
+++ b/TCheetah/etc/postfix/main.cf/template
@ -1,26 +1,45 @@
 # -*- coding: utf-8; mode: conf-unix -*-
 #
 # Fichier gere par BCfg2
 #
 # Fichier de configuration principal de postfix.
 ## On change le style de parsing parceque sinon c'est vraiment relou
 #compiler-settings
 cheetahVarStartToken = @
-commentStartToken = %%
+commentStartToken = %#
 multilineCommentStartToken = %*
 multilineCommentEndToken = *%
 directiveStartToken = %
 directiveEndToken = %
 #end compiler-settings
-%% +------------------------+
+%# +------------------------+
-%% | Utils pour le template |
+%# | Utils pour le template |
-%% +------------------------+
+%# +------------------------+
-%set @manage_ml = "mailing-list-manager" in @metadata.groups
+%# Indique si c'est un MX principal ou secondaire.
 %set @mx = "mail-mx" in @metadata.groups
 %set @main = "mail-mx-main" in @metadata.groups
-%set @users = "mail-mx-users" in @metadata.groups
+%set @secondary = "mail-mx-secondary" in @metadata.groups
-%set @rescue = "mail-mx-rescue" in @metadata.groups
+%# Indique si c'est un MX public, par exemple le serveur
 %# des adherents est utilise uniquement en interne
 %set @public = "mail-mx-public" in @metadata.groups
 %# Si vrai alors delivre localement les mails des adherents.
 %set @users = "users" in @metadata.groups
 %# Si vrai alors passe les mails des ml a mailman
 %set @manage_ml = "mailing-list-manager" in @metadata.groups
 %# La base de donnee utilise
 %if "ldap" in @metadata.groups
  %set @db = "ldap"
 %elif "pgsql" in @metadata.groups
  %set @db = "pgsql"
 %else
  %raise Exception("aucune base de donne trouvee!")
 %end if
 %set @shorthostname = @metadata.hostname.split('.',1)[0]
 %def yesno(@b): %if @b then yes else no%
@ -40,13 +59,14 @@ myorigin = crans.org
 mynetworks = 138.231.136.0/21, 138.231.144.0/21, 138.231.148.0/22, 127.0.0.1/8
 # Destinations acceptees
-mydestination = @shorthostname, $myhostname, localhost, localhost.$mydomain,
+mydestination = @shorthostname, $myhostname,
-%if @mx
+ 	      	localhost, localhost.$mydomain
 %if @main
 		$mydomain, crans.ens-cachan.fr, clubs.ens-cachan.fr,
 		install-party.ens-cachan.fr
-  %if @manage_ml
+%end if
 %if @manage_ml
    		lists.$mydomain
  %end if
 %end if
 %if @resuce
@ -54,9 +74,14 @@ mydestination = @shorthostname, $myhostname, localhost, localhost.$mydomain,
 myorigin = $myhostname
 %end if
-%if @rescue
+# Domaine relaye par ce MX
-# Domaine relayes par ce MX
+relay_domains = $mydestination,
-relay_domains = $mydestination, crans.org, crans.ens-cachan.fr, clubs.ens-cachan.fr
+%if @secondary
 		$mydomain, crans.ens-cachan.fr, clubs.ens-cachan.fr,
 		install-party.ens-cachan.fr
 %end if
 %if @public and not @manage_ml
 		lists.$mydomain
 %end if
 # Etre notifie ou non de l'arrive de nouveaux mails
@ -68,7 +93,7 @@ biff = @yesno(@users)
 # il faut enlever ca.
 soft_bounce = no
-%if @main
+%if @users
 # On delivre dans des maildir
 mail_spool_directory = /var/mail/
 %end if
@ -83,13 +108,8 @@ delay_warning_time = 24h
 # Esthetisme
 smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
 %if @rescue
 # Reecriture des entetes: @host.crans.org -> @crans.org
 canonical_maps = regexp:/etc/postfix/canonical
 %else
 # Reecriture des entetes
 canonical_maps = ldap:/etc/postfix/ldap-canonical.cf
 %end if
 # Par ou passer (notement pour la distrtibution des adresse locales par bleu)
 transport_maps = hash:/etc/postfix/transport
@ -107,13 +127,13 @@ alias_database = hash:/etc/postfix/aliases
                 hash:/var/lib/mailman/data/aliases
 %end if
-# Plus le ldap
+# Plus les alias dans la base de donnees
 alias_maps = $alias_database, ldap:/etc/postfix/ldap-aliases.cf
 # On prend aussi en compte les utilisateurs de /etc/passwd
 local_recipient_maps = $alias_maps unix:passwd.byname
-# Les anciennes ML @crans.org -> @lists.crans.org
+# Les anciennes ML @crans.org, @crans.ens-cachan.fr -> @lists.crans.org
 virtual_alias_maps = hash:/etc/postfix/virtual
 # +-------------+
@ -175,7 +195,7 @@ smtpd_recipient_restrictions = permit_mynetworks
 %end if
 # rejette les destinations non locales
 			       reject_unauth_destination
-%if @main
+%if @public
 # accepte si le champ contourneGreylist de la base est a OK
 			       check_recipient_access ldap:/etc/postfix/ldap-sqlgrey.cf
 # accepte si la greylist est d'accord
@ -188,7 +208,7 @@ message_size_limit = 4194304
 mailbox_size_limit = 78643000
 # Obligation de specifier le nom de domaine complet
-append_dot_mydomain = @yesno(@rescue)
+append_dot_mydomain = @yesno(@secondary)
 %if @main
 ## Filtrage AV
@ -201,7 +221,7 @@ lmtp_send_xforward_command=yes
 # Pieces jointes
 mime_header_checks = regexp:/etc/postfix/mime_header_checks
-%if not @rescue
+%if not @secondary
 # +----------------------+
 # | Connexion de secours |
 # +----------------------+
--- a/TCheetah/etc/postfix/master.cf/template
+++ b/TCheetah/etc/postfix/master.cf/template
@ -0,0 +1,158 @@
 # -*- coding: utf-8; mode: conf-unix -*-
 #
 # Fichier gere par BCfg2
 #
 # Fichier de configuration des demons de postfix
 #compiler-settings
 cheetahVarStartToken = @
 commentStartToken = %#
 multilineCommentStartToken = %*
 multilineCommentEndToken = *%
 directiveStartToken = %
 directiveEndToken = %
 #end compiler-settings
 %# +------------------------+
 %# | Utils pour le template |
 %# +------------------------+
 %# Indique si c'est un MX principal ou secondaire.
 %set @main = "mail-mx-main" in @metadata.groups
 %set @secondary = "mail-mx-secondary" in @metadata.groups
 %# Indique si c'est un MX public, par exemple le serveur
 %# des adherents est utilise uniquement en interne
 %set @public = "mail-mx-public" in @metadata.groups
 %set @shorthostname = @metadata.hostname.split('.',1)[0]
 %set @pub = @shorthostname + ".crans.org"
 %set @adm = @shorthostname + ".adm.crans.org"
 %set @loc = "127.0.0.1"
 # Postfix master process configuration file.  Each line describes how
 # a mailer component program should be run. The fields that make up
 # each line are described below. A "-" field value requests that a
 # default value be used for that field.
 #
 # Service: any name that is valid for the specified transport type
 # (the next field).  With INET transports, a service is specified as
 # host:port.  The host part (and colon) may be omitted. Either host
 # or port may be given in symbolic form or in numeric form. Examples
 # for the SMTP server:  localhost:smtp receives mail via the loopback
 # interface only; 10025 receives mail on port 10025.
 #
 # Transport type: "inet" for Internet sockets, "unix" for UNIX-domain
 # sockets, "fifo" for named pipes.
 #
 # Private: whether or not access is restricted to the mail system.
 # Default is private service.  Internet (inet) sockets can't be private.
 #
 # Unprivileged: whether the service runs with root privileges or as
 # the owner of the Postfix system (the owner name is controlled by the
 # mail_owner configuration variable in the main.cf file).
 #
 # Chroot: whether or not the service runs chrooted to the mail queue
 # directory (pathname is controlled by the queue_directory configuration
 # variable in the main.cf file). Presently, all Postfix daemons can run
 # chrooted, except for the pipe, virtual and local delivery daemons.
 # The files in the examples/chroot-setup subdirectory describe how
 # to set up a Postfix chroot environment for your type of machine.
 #
 # Wakeup time: automatically wake up the named service after the
 # specified number of seconds. A ? at the end of the wakeup time
 # field requests that wake up events be sent only to services that
 # are actually being used.  Specify 0 for no wakeup. Presently, only
 # the pickup, queue manager and flush daemons need a wakeup timer.
 #
 # Max procs: the maximum number of processes that may execute this
 # service simultaneously. Default is to use a globally configurable
 # limit (the default_process_limit configuration parameter in main.cf).
 # Specify 0 for no process count limit.
 #
 # Command + args: the command to be executed. The command name is
 # relative to the Postfix program directory (pathname is controlled by
 # the program_directory configuration variable). Adding one or more
 # -v options turns on verbose logging for that service; adding a -D
 # option enables symbolic debugging (see the debugger_command variable
 # in the main.cf configuration file). See individual command man pages
 # for specific command-line options, if any.
 #
 # In order to use the "uucp" message tranport below, set up entries
 # in the transport table.
 #
 # In order to use the "cyrus" message transport below, configure it
 # in main.cf as the mailbox_transport.
 #
 # SPECIFY ONLY PROGRAMS THAT ARE WRITTEN TO RUN AS POSTFIX DAEMONS.
 # ALL DAEMONS SPECIFIED HERE MUST SPEAK A POSTFIX-INTERNAL PROTOCOL.
 #
 # DO NOT CHANGE THE ZERO PROCESS LIMIT FOR CLEANUP/BOUNCE/DEFER OR
 # POSTFIX WILL BECOME STUCK UP UNDER HEAVY LOAD
 #
 # DO NOT CHANGE THE ONE PROCESS LIMIT FOR PICKUP/QMGR OR POSTFIX WILL
 # DELIVER MAIL MULTIPLE TIMES.
 #
 # DO NOT SHARE THE POSTFIX QUEUE BETWEEN MULTIPLE POSTFIX INSTANCES.
 #
 # ==========================================================================
 # service type	private	unpriv	chroot	wakeup	maxproc	command + args
 # 		(yes)	(yes)	(yes)	(never)	(50)
 # ==========================================================================
@pub:smtp inet	n	-	-	-	-	smtpd
 %if not @public
 	-o content_filter=lmtp:[amavis.adm.crans.org]:10024
 %end if
@loc:smtp inet	n	-	-	-	-	smtpd
 #628	  inet	n	-	-	-	-	qmqpd
 pickup	  fifo	n	-	-	60	1	pickup
 cleanup	  unix	n	-	-	-	0	cleanup
 qmgr	  fifo	n	-	-	300	1	qmgr
 #qmgr	  fifo	n	-	-	300	1	nqmgr
 rewrite	  unix	-	-	-	-	-	trivial-rewrite
 bounce	  unix	-	-	-	-	0	bounce
 defer	  unix	-	-	-	-	0	bounce
 trace	  unix	-	-	-	-	0	bounce
 verify	  unix	-	-	-	-	1	verify
 flush	  unix	n	-	-	1000?	0	flush
 proxymap  unix	-	-	n	-	-	proxymap
 smtp	  unix	-	-	-	-	-	smtp
 relay     unix  -       -       -       -       -       smtp
 showq     unix	n	-	-	-	-	showq
 error     unix	-	-	-	-	-	error
 local	  unix	-	n	n	-	-	local
 virtual	  unix	-	n	n	-	-	virtual
 lmtp	  unix	-	-	n	-	5	lmtp
 #
 # Interfaces to non-Postfix software. Be sure to examine the manual
 # pages of the non-Postfix software to find out what options it wants.
 # The Cyrus deliver program has changed incompatibly.
 #
 cyrus	  unix	-	n	n	-	-	pipe
  flags=R user=cyrus argv=/usr/sbin/cyrdeliver -e -m ${extension} ${user}
 uucp	  unix	-	n	n	-	-	pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
 ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
 bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
 scalemail-backend unix	-	n	n	-	2	pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
 # only used by postfix-tls
 smtps	  inet	n	-	-	-	-	smtpd -o smtpd_tls_wrappermode=yes
 587	  inet	n	-	-	-	-	smtpd -o smtpd_enforce_tls=yes
 tlsmgr    fifo  -       -       n       300     1       tlsmgr
 %if @main
 # Serveur smtp pour recuperation des mails d'amavis
 # Verifie uniquement que le source viens bien du reseau
 # d'administration
@adm:smtp inet	n	-	n	-	-	smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o smtpd_helo_restrictions=
    -o smtpd_client_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=138.231.144.0/24
 %end if