Postfix check_sender_access: Switch hash map to pcre table.

2018-06-01 15:18:07 +08:00 · 2018-06-01 15:18:07 +08:00 · fac8d91516
parent 3981ae43c4
commit fac8d91516
4 changed files with 35 additions and 27 deletions
--- a/en_US/howto/allow.user.to.send.email.without.authentication.md
+++ b/en_US/howto/allow.user.to.send.email.without.authentication.md
@ -1,13 +1,15 @@
 # Allow user to send email without smtp authentication

+[TOC]
+
 ## Postfix

-Create a plain text file: `/etc/postfix/accepted_unauth_senders`, list all
+Create a plain text file: `/etc/postfix/sender_access.pcre`, list all
 users' email addresses which are allowed to send email without smtp
 authentication. We use user email address `user@example.com` for example:

 ```
-user@example.com OK
+/^user@example\.com$/ OK
 ```

 It's ok to use IP address instead like below:
@ -15,22 +17,16 @@ It's ok to use IP address instead like below:
 > For more allowed sender format, please check Postfix manual page: [access(5)](http://www.postfix.org/access.5.html).

 ```
-192.168.1.1 OK
-192.168.2   OK
-172.16      OK
+/^192\.168\.1\.1$/ OK
+/^192\.168\.2\./   OK
+/^172\.16\./       OK
 ```

-Create hash db file with `postmap` command:
-
-```
-# postmap hash:/etc/postfix/accepted_unauth_senders
-```
-
-Modify Postfix config file `/etc/postfix/main.cf` to use this text file:
+Update Postfix config file `/etc/postfix/main.cf` to use this pcre file:

 ```
 smtpd_sender_restrictions = 
-    check_sender_access hash:/etc/postfix/accepted_unauth_senders,
+    check_sender_access pcre:/etc/postfix/sender_access.pcre,
    [...OTHER RESTRICTIONS HERE...]
 ```

@ -64,3 +60,10 @@ MYNETWORKS = ['192.168.0.1', '192.168.1.0/24']
 ```

 Restarting iRedAPD service is required if you updated `/opt/iredapd/settings.py`.
+
+## References
+
+* Postfix documents:
+    * [check_sender_access](http://www.postfix.org/postconf.5.html#check_sender_access)
+    * Manual page: [access(5)](http://www.postfix.org/access.5.html)
+    * Manual page: [pcre_table(5)](http://www.postfix.org/pcre_table.5.html)
--- a/en_US/upgrade/0-upgrade.sogo.3.to.4.md
+++ b/en_US/upgrade/0-upgrade.sogo.3.to.4.md
@ -41,7 +41,7 @@ exclude=gnustep*

 ```
 yum clean all
-yum update sogo* sope*
+yum update 'sogo*' 'sope*'
 ```

 * Run the script shipped in SOGo-4.x to update SQL structure:
--- a/html/allow.user.to.send.email.without.authentication.html
+++ b/html/allow.user.to.send.email.without.authentication.html
@ -21,28 +21,24 @@
 </div>
 <h1 id="allow-user-to-send-email-without-smtp-authentication">Allow user to send email without smtp authentication</h1>
 <h2 id="postfix">Postfix</h2>
-<p>Create a plain text file: <code>/etc/postfix/accepted_unauth_senders</code>, list all
+<p>Create a plain text file: <code>/etc/postfix/sender_access.pcre</code>, list all
 users' email addresses which are allowed to send email without smtp
 authentication. We use user email address <code>user@example.com</code> for example:</p>
-<pre><code>user@example.com OK
+<pre><code>/^user@example\.com$/ OK
 </code></pre>

 <p>It's ok to use IP address instead like below:</p>
 <blockquote>
 <p>For more allowed sender format, please check Postfix manual page: <a href="http://www.postfix.org/access.5.html">access(5)</a>.</p>
 </blockquote>
-<pre><code>192.168.1.1 OK
-192.168.2   OK
-172.16      OK
+<pre><code>/^192\.168\.1\.1$/ OK
+/^192\.168\.2\./   OK
+/^172\.16\./       OK
 </code></pre>

-<p>Create hash db file with <code>postmap</code> command:</p>
-<pre><code># postmap hash:/etc/postfix/accepted_unauth_senders
-</code></pre>
-
-<p>Modify Postfix config file <code>/etc/postfix/main.cf</code> to use this text file:</p>
+<p>Update Postfix config file <code>/etc/postfix/main.cf</code> to use this pcre file:</p>
 <pre><code>smtpd_sender_restrictions = 
-    check_sender_access hash:/etc/postfix/accepted_unauth_senders,
+    check_sender_access pcre:/etc/postfix/sender_access.pcre,
    [...OTHER RESTRICTIONS HERE...]
 </code></pre>

@ -71,7 +67,16 @@ device like printer, fax, we can also its IP address directly.</p>
 <pre><code>MYNETWORKS = ['192.168.0.1', '192.168.1.0/24']
 </code></pre>

-<p>Restarting iRedAPD service is required if you updated <code>/opt/iredapd/settings.py</code>.</p><div class="footer">
+<p>Restarting iRedAPD service is required if you updated <code>/opt/iredapd/settings.py</code>.</p>
+<h2 id="references">References</h2>
+<ul>
+<li>Postfix documents:<ul>
+<li><a href="http://www.postfix.org/postconf.5.html#check_sender_access">check_sender_access</a></li>
+<li>Manual page: <a href="http://www.postfix.org/access.5.html">access(5)</a></li>
+<li>Manual page: <a href="http://www.postfix.org/pcre_table.5.html">pcre_table(5)</a></li>
+</ul>
+</li>
+</ul><div class="footer">
    <p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
 </div>
 <!-- Global site tag (gtag.js) - Google Analytics -->
--- a/html/upgrade.sogo.3.to.4.html
+++ b/html/upgrade.sogo.3.to.4.html
@ -65,7 +65,7 @@ cp /etc/sysconfig/sogo /root/sogo-backup/sysconfig/
 <li>Upgrade SOGo packages:</li>
 </ul>
 <pre><code>yum clean all
-yum update sogo* sope*
+yum update 'sogo*' 'sope*'
 </code></pre>

 <ul>