Update Postfix image to 1.69 + improvements

2023-06-23 15:48:13 +02:00
parent 380cdab6fc
commit 408381bddb
4 changed files with 48 additions and 8 deletions
--- a/data/Dockerfiles/postfix/Dockerfile
+++ b/data/Dockerfiles/postfix/Dockerfile
@@ -33,6 +33,7 @@ RUN groupadd -g 102 postfix \
 	syslog-ng-core \
 	syslog-ng-mod-redis \
  tzdata \
+    whois \
 	&& rm -rf /var/lib/apt/lists/* \
 	&& touch /etc/default/locale \
  && printf '#!/bin/bash\n/usr/sbin/postconf -c /opt/postfix/conf "$@"' > /usr/local/sbin/postconf \
--- a/data/Dockerfiles/postfix/postfix.sh
+++ b/data/Dockerfiles/postfix/postfix.sh
@@ -394,6 +394,8 @@ query = SELECT goto FROM spamalias
 EOF

 if [ -n "$SPAMHAUS_DQS_KEY" ]; then
+  echo "Detected SPAMHAUS_DQS_KEY variable from mailcow.conf..."
+  echo "Using DQS Blocklists from Spamhaus!"
  cat <<EOF > /opt/postfix/conf/dns_blocklists.cf
    # Autogenerated by mailcow
    postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
@@ -426,6 +428,39 @@ if [ -n "$SPAMHAUS_DQS_KEY" ]; then
 EOF

 else
+  if curl -s http://fuzzy.mailcow.email/asn_list.txt | grep $(whois -h whois.radb.net $(curl -s http://ipv4.mailcow.email) | grep -i origin | tr -s " " | cut -d " " -f2 | head -1) > /dev/null; then
+  echo "The AS of your IP is listed as a banned AS from Spamhaus!"
+  echo "No SPAMHAUS_DQS_KEY found... Skipping Spamhaus blocklists entirely!"
+  cat <<EOF > /opt/postfix/conf/dns_blocklists.cf
+    # Autogenerated by mailcow
+    postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
+      hostkarma.junkemailfilter.com=127.0.0.1*-2
+      list.dnswl.org=127.0.[0..255].0*-2
+      list.dnswl.org=127.0.[0..255].1*-4
+      list.dnswl.org=127.0.[0..255].2*-6
+      list.dnswl.org=127.0.[0..255].3*-8
+      ix.dnsbl.manitu.net*2
+      bl.spamcop.net*2
+      bl.suomispam.net*2
+      hostkarma.junkemailfilter.com=127.0.0.2*3
+      hostkarma.junkemailfilter.com=127.0.0.4*2
+      hostkarma.junkemailfilter.com=127.0.1.2*1
+      backscatter.spameatingmonkey.net*2
+      bl.ipv6.spameatingmonkey.net*2
+      bl.spameatingmonkey.net*2
+      b.barracudacentral.org=127.0.0.2*7
+      bl.mailspike.net=127.0.0.2*5
+      bl.mailspike.net=127.0.0.[10;11;12]*4
+      dnsbl.sorbs.net=127.0.0.10*8
+      dnsbl.sorbs.net=127.0.0.5*6
+      dnsbl.sorbs.net=127.0.0.7*3
+      dnsbl.sorbs.net=127.0.0.8*2
+      dnsbl.sorbs.net=127.0.0.6*2
+      dnsbl.sorbs.net=127.0.0.9*2
+EOF
+  else
+  echo "The AS of your IP is NOT listed as a banned AS from Spamhaus!"
+  echo "Using the open Spamhaus blocklists."
  cat <<EOF > /opt/postfix/conf/dns_blocklists.cf
    # Autogenerated by mailcow
    postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
@@ -457,6 +492,7 @@ else
      zen.spamhaus.org=127.0.0.3*4
      zen.spamhaus.org=127.0.0.2*3
 EOF
+  fi
 fi

 sed -i '/User overrides/q' /opt/postfix/conf/main.cf