From a53092687e137f36e22dc51766bb12a61465f5cc Mon Sep 17 00:00:00 2001
From: Alex Vandiver
Date: Thu, 12 Nov 2020 21:31:31 -0800
Subject: [PATCH] puppet: Only match incoming gateway address on our mail domain.

79931051bd27b60887aeb9c85b3ed92fa21df9ac allows outgoing emails from localhost, but outgoing recipients are still subjected to virtualmaps. This caused all outgoing email from Zulip with destination addresses containing `.`, `+`, or starting with `mm`, to be redirected back through the email gateway. Bracket the virualmap addresses used for local delivery to the mail gateway with a restriction on the domain matching the `postfix.mailname` configuration, regex-escaped, so those only apply to email destined for that domain. The hostname is _not_ moved from `mydestination` to `virtual_alias_domains`, as that would preclude delivery to actually-local addresses, like `postmaster@`.
---
 puppet/zulip/manifests/postfix_localmail.pp | 2 +-
 .../{files/postfix/virtual => templates/postfix/virtual.erb} | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
 rename puppet/zulip/{files/postfix/virtual => templates/postfix/virtual.erb} (73%)
diff --git a/puppet/zulip/manifests/postfix_localmail.pp b/puppet/zulip/manifests/postfix_localmail.pp
index 737a4a4961..9a5e0be845 100644
--- a/puppet/zulip/manifests/postfix_localmail.pp
+++ b/puppet/zulip/manifests/postfix_localmail.pp
@@ -45,7 +45,7 @@ class zulip::postfix_localmail {
 mode => '0644',
 owner => root,
 group => root,
- source => 'puppet:///modules/zulip/postfix/virtual',
+ content => template('zulip/postfix/virtual.erb'),
 require => Package[postfix],
 notify => Service['postfix'],
 }
diff --git a/puppet/zulip/files/postfix/virtual b/puppet/zulip/templates/postfix/virtual.erb
similarity index 73%
rename from puppet/zulip/files/postfix/virtual
rename to puppet/zulip/templates/postfix/virtual.erb
index 96e1a9bfcd..09c8db7d93 100644
--- a/puppet/zulip/files/postfix/virtual
+++ b/puppet/zulip/templates/postfix/virtual.erb
@@ -1,6 +1,7 @@
+if /@<%= Regexp.escape(@postfix_mailname) %>\.?$/
 # Changes to this list require a corresponding change to `access` as
 # well.
-
 /\+.*@/ zulip@localhost
 /\..*@/ zulip@localhost
 /^mm/ zulip@localhost
+endif
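Review bot: On the added `if` line, the domain is escaped with Ruby's `Regexp.escape`, which follows Ruby's regex syntax rather than that of the Postfix table this file becomes: it leaves the `/` pattern delimiter unescaped and rewrites `-` as `\-`, an escape that POSIX regex (used by `regexp:` tables) leaves undefined. For a plain hostname this is probably harmless, but nothing visible in this patch checks that `postfix.mailname` is one, and the manifest code that sets `@postfix_mailname` is outside both hunks. I would validate the value as a hostname in `zulip::postfix_localmail` before the template is rendered, so a malformed setting fails the Puppet run instead of producing a condition that silently matches the wrong recipients. A comment above the `if` would also help, e.g. `# Only rewrite recipients at our own mail domain; all other mail must pass through untouched.`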