|
@@ -228,12 +228,12 @@ For any other questions just send an email to - [contact@anonaddy.com](mailto:co
|
|
|
|
|
|
#### Prerequisites
|
|
|
|
|
|
-* Postfix (2.7)+
|
|
|
-* PHP (7.1+) and the [php-mailparse](https://pecl.php.net/package/mailparse) extension plus the [php-gnupg](https://pecl.php.net/package/gnupg) extension if you plan to encrypt forwarded emails
|
|
|
+* Postfix (3.0.0+) (plus postfix-mysql for database queries)
|
|
|
+* PHP (7.2+) and the [php-mailparse](https://pecl.php.net/package/mailparse) extension plus the [php-gnupg](https://pecl.php.net/package/gnupg) extension if you plan to encrypt forwarded emails
|
|
|
* Port 25 unblocked and open
|
|
|
-* Redis (4.x+) not required if you don't plan to use it for throttling or queues
|
|
|
+* Redis (4.x+) for throttling and queues
|
|
|
* FQDN as hostname e.g. mail.anonaddy.me
|
|
|
-* MariaDB / MySQL (or any other database compatible with Laravel)
|
|
|
+* MariaDB / MySQL
|
|
|
* Nginx
|
|
|
* SpamAssassin, Amavis, OpenDKIM, OpenDMARC, postfix-policyd-spf-python
|
|
|
* DNS records - MX, SPF, DKIM, DMARC
|
|
@@ -242,7 +242,7 @@ For any other questions just send an email to - [contact@anonaddy.com](mailto:co
|
|
|
|
|
|
#### Postfix configuration
|
|
|
|
|
|
-In /etc/postfix/master.cf you need to make sure it has this at the top:
|
|
|
+In `/etc/postfix/master.cf` you need to make sure it has this at the top:
|
|
|
|
|
|
```cf
|
|
|
smtp inet n - - - - smtpd
|
|
@@ -251,7 +251,7 @@ smtp inet n - - - - smtpd
|
|
|
|
|
|
This should be the only line for smtp.
|
|
|
|
|
|
-Then add this these lines to the bottom:
|
|
|
+Then add these lines to the bottom of the file:
|
|
|
|
|
|
```cf
|
|
|
anonaddy unix - n n - - pipe
|
|
@@ -262,6 +262,69 @@ Making sure to replace `youruser` with the username of the user who will run the
|
|
|
|
|
|
This is what will pipe the email through to our applicaton so we can determine who the alias belongs to and who to forward the email to.
|
|
|
|
|
|
+In order for Postfix to REJECT or DISCARD emails sent to deleted or deactivated aliases you need to ceate a file called `/etc/postfix/mysql-recipient-access.cf`.
|
|
|
+
|
|
|
+In this file enter the following:
|
|
|
+
|
|
|
+```
|
|
|
+user = your_database_user
|
|
|
+password = your-database-password
|
|
|
+hosts = 127.0.0.1
|
|
|
+dbname = your_database_name
|
|
|
+query = CALL block_alias('%s')
|
|
|
+```
|
|
|
+
|
|
|
+This query calls a stored procedure that we will create next, it passes the recipient's email address as the argument.
|
|
|
+
|
|
|
+Update the permissions of this file:
|
|
|
+
|
|
|
+```bash
|
|
|
+chmod o= /etc/postfix/mysql-recipient-access.cf
|
|
|
+chgrp postifx /etc/postfix/mysql-recipient-access.cf
|
|
|
+```
|
|
|
+
|
|
|
+Either from the command line or from an SQL client, run the following code to create the stored procedure.
|
|
|
+
|
|
|
+You will need to set appropriate permissions for your database user to allow them to execute the stored procedure.
|
|
|
+
|
|
|
+```sql
|
|
|
+DELIMITER $$
|
|
|
+
|
|
|
+USE `your_database_name`$$
|
|
|
+
|
|
|
+DROP PROCEDURE IF EXISTS `block_alias`$$
|
|
|
+
|
|
|
+CREATE DEFINER=`your_database_user`@`localhost` PROCEDURE `block_alias`(alias_email VARCHAR(254))
|
|
|
+BEGIN
|
|
|
+ UPDATE aliases SET
|
|
|
+ emails_blocked = emails_blocked + 1
|
|
|
+ WHERE email = alias_email AND active = 0 LIMIT 1;
|
|
|
+ SELECT IF(deleted_at IS NULL,'DISCARD','REJECT') AS alias_action
|
|
|
+ FROM aliases WHERE email = alias_email AND (active = 0 OR deleted_at IS NOT NULL) LIMIT 1;
|
|
|
+ END$$
|
|
|
+
|
|
|
+DELIMITER ;
|
|
|
+```
|
|
|
+
|
|
|
+Making sure to replace `your_database_name` with the name of your own database and `your_database_user` with the name of your database user with permission to access your database.
|
|
|
+
|
|
|
+Make a test call for the stored procedure as your database user to ensure everything is working as expected.
|
|
|
+
|
|
|
+```sql
|
|
|
+CALL block_alias('email@example.com')
|
|
|
+```
|
|
|
+
|
|
|
+Next we need to edit `/etc/postifx/main.cf` to include the above file. So find `smtpd_recipient_restrictions` and add the following line:
|
|
|
+
|
|
|
+```
|
|
|
+smtpd_recipient_restrictions =
|
|
|
+ ...
|
|
|
+ check_recipient_access mysql:/etc/postfix/mysql-recipient-access.cf,
|
|
|
+ ...
|
|
|
+```
|
|
|
+
|
|
|
+Now incoming emails will be checked against your database to see if they are deactivated or have been deleted and respond with the appropriate action.
|
|
|
+
|
|
|
More instructions to follow soon...
|
|
|
|
|
|
## Thanks
|