[Postfix, Web] Feature: Show last SMTP login

2020-09-15 11:02:53 +02:00
parent 28041b1d97
commit 1f36ae28d4
7 changed files with 49 additions and 7 deletions
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -189,6 +189,7 @@ smtp_sasl_auth_soft_bounce = no
 postscreen_discard_ehlo_keywords = silent-discard, dsn
 compatibility_level = 2
 smtputf8_enable = no
+smtpd_last_auth = check_policy_service inet:127.0.0.1:10028
 # Define protocols for SMTPS and submission service
 submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
 smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
--- a/data/conf/postfix/master.cf
+++ b/data/conf/postfix/master.cf
@@ -16,6 +16,7 @@ smtps    inet  n       -       n       -       -       smtpd
  -o smtpd_tls_mandatory_protocols=$smtps_smtpd_tls_mandatory_protocols
  -o tls_preempt_cipherlist=yes
  -o syslog_name=postfix/smtps
+  -o smtpd_end_of_data_restrictions=$smtpd_last_auth
 10465    inet  n       -       n       -       -       smtpd
  -o smtpd_upstream_proxy_protocol=haproxy
  -o smtpd_tls_wrappermode=yes
@@ -23,6 +24,7 @@ smtps    inet  n       -       n       -       -       smtpd
  -o smtpd_tls_mandatory_protocols=$smtps_smtpd_tls_mandatory_protocols
  -o tls_preempt_cipherlist=yes
  -o syslog_name=postfix/smtps-haproxy
+  -o smtpd_end_of_data_restrictions=$smtpd_last_auth

 # smtpd with starttls on 587/tcp
 # TLS protocol can be modified by setting submission_smtpd_tls_mandatory_protocols in extra.cf
@@ -33,6 +35,7 @@ submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_mandatory_protocols=$submission_smtpd_tls_mandatory_protocols
  -o tls_preempt_cipherlist=yes
  -o syslog_name=postfix/submission
+  -o smtpd_end_of_data_restrictions=$smtpd_last_auth
 10587      inet n       -       n       -       -       smtpd
  -o smtpd_upstream_proxy_protocol=haproxy
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
@@ -41,6 +44,7 @@ submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_mandatory_protocols=$submission_smtpd_tls_mandatory_protocols
  -o tls_preempt_cipherlist=yes
  -o syslog_name=postfix/submission-haproxy
+  -o smtpd_end_of_data_restrictions=$smtpd_last_auth

 # used by SOGo
 # smtpd_sender_restrictions should match main.cf, but with check_sasl_access prepended for login-as-mailbox-user function
@@ -49,6 +53,7 @@ submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_auth_only=no
  -o smtpd_sender_restrictions=check_sasl_access,regexp:/opt/postfix/conf/allow_mailcow_local.regexp,reject_authenticated_sender_login_mismatch,permit_mynetworks,permit_sasl_authenticated,reject_unlisted_sender,reject_unknown_sender_domain
  -o syslog_name=postfix/sogo
+  -o smtpd_end_of_data_restrictions=$smtpd_last_auth

 # used to reinject quarantine mails
 590 inet n      -       n       -       -       smtpd
@@ -58,13 +63,13 @@ submission inet n       -       n       -       -       smtpd
  -o smtpd_milters=
  -o non_smtpd_milters=
  -o syslog_name=postfix/quarantine
+  -o smtpd_end_of_data_restrictions=$smtpd_last_auth

 # enforced smtp connector
 smtp_enforced_tls      unix  -       -       n       -       -       smtp
  -o smtp_tls_security_level=encrypt
  -o syslog_name=enforced-tls-smtp
  -o smtp_delivery_status_filter=pcre:/opt/postfix/conf/smtp_dsn_filter
-
 # smtp connector used, when a transport map matched
 # this helps to have different sasl maps than we have with sender dependent transport maps
 smtp_via_transport_maps      unix  -       -       n       -       -       smtp
@@ -100,6 +105,7 @@ maildrop   unix  -       n       n       -       -       pipe flags=DRhu

 # start whitelist_fwd
 127.0.0.1:10027 inet n n n - 0 spawn user=nobody argv=/usr/local/bin/whitelist_forwardinghosts.sh
+127.0.0.1:10028 inet n n n - 0 spawn user=nobody argv=/usr/local/bin/smtpd_last_login.sh
 # end whitelist_fwd

 # start watchdog-specific