email: Drop special handling for outbound filtering

- Reduces a lot of complexity and avoids running a couple of more postfix daemons (one on 10025 port and other on socket fbxcleanup). - Cleaning outbound headers for privacy can be done in a simpler way. This may be re-implemented later. - Masquerading domains is not very important for FreedomBox use case. Users are expected to send all mail using MUA using properly configured email addresses. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2026-01-28 08:03:36 +00:00 · 2022-02-14 13:10:40 -08:00 · 2022-02-14 13:10:40 -08:00 · 0d5366a356
commit 0d5366a356
parent 84f7b60bc5
8 changed files with 7 additions and 132 deletions
--- a/plinth/modules/email/audit/spam.py
+++ b/plinth/modules/email/audit/spam.py
@ -6,62 +6,9 @@ import subprocess
 from plinth import actions
 from plinth.modules.email import postconf

-milter_config = {
-    'milter_mail_macros':
-        'i ' + ' '.join([
-            '{auth_type}', '{auth_authen}', '{auth_author}', '{client_addr}',
-            '{client_name}', '{mail_addr}', '{mail_host}', '{mail_mailer}'
-        ]),
-    # XXX In postconf this field is a list
-    'smtpd_milters':
-        'inet:127.0.0.1:11332',
-    # XXX In postconf this field is a list
-    'non_smtpd_milters':
-        'inet:127.0.0.1:11332',
-    'milter_header_checks':
-        'regexp:fbx-managed/pre-queue-milter-headers',
-
-    # Last-resort internal header cleanup at smtp client
-    'smtp_header_checks':
-        'regexp:/etc/postfix/freedombox-internal-cleanup',
-}
-
-# FreedomBox egress filtering
-
-egress_filter = postconf.ServiceFlags(service='127.0.0.1:10025', type='inet',
-                                      private='n', unpriv='-', chroot='y',
-                                      wakeup='-', maxproc='-',
-                                      command_args='smtpd')
-
-egress_filter_options = {
-    'syslog_name': 'postfix/fbxout',
-    'cleanup_service_name': 'fbxcleanup',
-    'content_filter': '',
-    'receive_override_options': 'no_unknown_recipient_checks',
-    'smtpd_helo_restrictions': '',
-    'smtpd_client_restrictions': '',
-    'smtpd_relay_restrictions': '',
-    'smtpd_recipient_restrictions': 'permit_mynetworks,reject',
-    'mynetworks': '127.0.0.0/8,[::1]/128'
-}
-
-egress_filter_cleanup = postconf.ServiceFlags(service='fbxcleanup',
-                                              type='unix', private='n',
-                                              unpriv='-', chroot='y',
-                                              wakeup='-', maxproc='0',
-                                              command_args='cleanup')
-
-egress_filter_cleanup_options = {
-    'syslog_name': 'postfix/fbxout',
-    # "From" domain rewriting
-    'sender_canonical_maps': 'regexp:/etc/postfix/freedombox-rewrite-sender',
-    'local_header_rewrite_clients': 'static:all',
-    # "From" domain masquerading
-    'masquerade_domains': '$mydomain',
-    'masquerade_classes': 'envelope_sender,header_sender',
-    # Header privacy
-    'header_checks': 'regexp:/etc/postfix/freedombox-header-cleanup',
-    'nested_header_checks': ''
+_milter_config = {
+    'smtpd_milters': 'inet:127.0.0.1:11332',
+    'non_smtpd_milters': 'inet:127.0.0.1:11332',
 }

 def repair():
@ -70,11 +17,7 @@ def repair():

 def action_set_filter():
    _compile_sieve()
-    postconf.set_master_cf_options(egress_filter, egress_filter_options)
-    postconf.set_master_cf_options(egress_filter_cleanup,
-                                   egress_filter_cleanup_options)
-
-    postconf.set_many(milter_config)
+    postconf.set_many(_milter_config)


 def _compile_sieve():
--- a/plinth/modules/email/data/etc/postfix/freedombox-header-cleanup
+++ b/plinth/modules/email/data/etc/postfix/freedombox-header-cleanup
@ -1,14 +0,0 @@
-# -*- mode: conf-space -*-
-# This file is managed by FreedomBox. Direct edits will be lost!
-
-# Outbound header privacy
-/^Delivered-To:/ IGNORE
-/^Received[:-]/ IGNORE
-/^User-Agent:/ IGNORE
-/^X-EIP:/ IGNORE
-/^X-Mailer:/ IGNORE
-/^X-Originating-IP:/ IGNORE
-/^X-Sender:/ IGNORE
-# Currently localhost:10025 does not have a milter
-# so it is fine to delete internal headers now
-/^X-Fbx-/ IGNORE
--- a/plinth/modules/email/data/etc/postfix/freedombox-internal-cleanup
+++ b/plinth/modules/email/data/etc/postfix/freedombox-internal-cleanup
@ -1,5 +0,0 @@
-# -*- mode: conf-space -*-
-# This file is managed by FreedomBox. Direct edits will be lost!
-
-# Scrub all internal headers
-/^X-Fbx-/ IGNORE
--- a/plinth/modules/email/data/etc/postfix/freedombox-rewrite-sender
+++ b/plinth/modules/email/data/etc/postfix/freedombox-rewrite-sender
@ -1,7 +0,0 @@
-# -*- mode: conf-space -*-
-# This file is managed by FreedomBox
-# regexp sender canonical map
-
-# Remove the domain part from email addresses
-# Postfix will append @$myhostname
-/^([^@]+)@/ $1
--- a/plinth/modules/email/data/etc/rspamd/local.d/freedombox-milter-headers.conf
+++ b/plinth/modules/email/data/etc/rspamd/local.d/freedombox-milter-headers.conf
@ -1,39 +1,10 @@
-# The following section is managed by FreedomBox
-# Be careful not to edit
+# The file is managed by FreedomBox. Do not to edit.

-use = ["x-fbx-mail-type", "authentication-results", "x-spam-level",
-       "x-spam-status", "x-spamd-bar", "x-spamd-result"];
+use = ["authentication-results", "x-spam-level", "x-spam-status",
+       "x-spamd-bar", "x-spamd-result"];

 routines {
  authentication-results {
    add_smtp_user = false;
  }
 }
-
-# Custom headers required by FreedomBox filtering system
-custom {
-x-fbx-mail-type = <<EOD
-  return function(task, common_meta)
-    -- parameters are task and metadata from previous functions
-    -- add headers
-    local add_table = {["x-fbx-mail-type"] = "unknown;"}
-    local auth_user = task:get_user()
-    if auth_user == nil or auth_user == "" then
-      add_table["x-fbx-mail-type"] = "smtpd-anon;"
-    else
-      add_table["x-fbx-mail-type"] = "smtpd-submission;"
-      -- add_table["x-fbx-sasl-user"] = auth_user
-    end
-    -- remove foreign x-fbx- headers
-    local remove_table = {}
-    local function callback(header_name, header_value)
-      local prefix = "x-fbx-"
-      if header_name:lower():sub(1, #prefix) == prefix then
-        remove_table[header_name] = 0
-      end
-    end
-    task:headers_foreach(callback, {full = 'true'})
-    return nil, add_table, remove_table, {}
-  end
-EOD;
-}
--- a/plinth/modules/email/data/var/spool/postfix/fbx-managed/README.txt
+++ b/plinth/modules/email/data/var/spool/postfix/fbx-managed/README.txt
@ -1,5 +0,0 @@
-DO NOT PUT PERSONAL ITEMS HERE!
-This folder in its entirety is managed by FreedomBox.
-
-/var/spool/postfix/fbx-managed/ contains config files read by chrooted Postfix
-services.
--- a/plinth/modules/email/data/var/spool/postfix/fbx-managed/pre-queue-milter-headers
+++ b/plinth/modules/email/data/var/spool/postfix/fbx-managed/pre-queue-milter-headers
@ -1,7 +0,0 @@
-# -*- mode: conf-space -*-
-# This file is managed by FreedomBox. Direct edits will be lost!
-
-# Outbound
-/^X-Fbx-Mail-Type: smtpd-submission;/ FILTER smtp:[127.0.0.1]:10025
-# Inbound
-/^X-Fbx-Mail-Type: smtpd-anon;/ IGNORE
--- a/plinth/modules/email/manifest.py
+++ b/plinth/modules/email/manifest.py
@ -64,7 +64,6 @@ backup = {
    'data': {
        'files': ['/etc/aliases', ],
        'directories': [
-            '/var/spool/postfix/fbx-managed/',
            '/etc/postfix/',
            '/etc/dovecot/conf.d/',
            '/etc/rspamd/',