stack.erp5: Fix mail diversion support.

Use a special milter to do what postfix cannot do with its internal mechanisms. - fixes postfix-generated bounces so they reach postmaster mail address without being rewritten - actually makes postfix relay rewritten mails (virtual_alias implicitly affects virtual_domains, in turn making all mail addresses considered locally hosted, which cannot and must not successfully deliver) Also, backport a yet-unreleased-but-already-upstreamed patch fixing rcpt value truncation, which breaks when recipient address is not enclosed in angle brackets - making the mail still reach original recipient.

stack.erp5: Fix mail diversion support.
Use a special milter to do what postfix cannot do with its internal mechanisms. - fixes postfix-generated bounces so they reach postmaster mail address without being rewritten - actually makes postfix relay rewritten mails (virtual_alias implicitly affects virtual_domains, in turn making all mail addresses considered locally hosted, which cannot and must not successfully deliver) Also, backport a yet-unreleased-but-already-upstreamed patch fixing rcpt value truncation, which breaks when recipient address is not enclosed in angle brackets - making the mail still reach original recipient.
36a07603 · Vincent Pelletier · e9787ef4 · 36a07603 · 36a07603 · 36a07603
Commit 36a07603 authored Feb 21, 2017 by Vincent Pelletier
6 changed files
--- a/component/egg-patch/python_libmilter/0001-fix-rcpt-gets-cut-off.patch
+++ b/component/egg-patch/python_libmilter/0001-fix-rcpt-gets-cut-off.patch
+From d60a73882f288e7c953d3ad786ee3f041d5c04ea Mon Sep 17 00:00:00 2001
+From: kaktus42 <vowinkel.alexander@gmail.com>
+Date: Wed, 23 Nov 2016 16:15:07 +0100
+Subject: fix: rcpt gets cut off
+
+for me, with postfix: `data[0]` is `'Rpost@example.com\x00'` and gets cut to `ost@example.co` with `rcpt = data[2:-2]`
+---
+ libmilter.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libmilter.py b/libmilter.py
+index 5fc9405..c80e6cf 100755
+--- a/libmilter.py
+++ b/libmilter.py
+@@ -815,7 +815,7 @@ class MilterProtocol(object):
+         data = data[0]
+         rcpt = ''
+         if data:
+-            rcpt = data[2:-2]
+            rcpt = data[1:-1]
+         elif md.has_key('rcpt_addr'):
+             rcpt = md['rcpt_addr']
+         if md.has_key('i'):
+-- 
+2.11.0
+
--- a/stack/erp5/buildout.cfg
+++ b/stack/erp5/buildout.cfg
@@ -102,6 +102,7 @@ parts +=

 # Buildoutish
  eggs
+  eggs-all-scripts
  testrunner
  test_suite_runner

@@ -562,6 +563,14 @@ Products.DCWorkflow-patch-options = -p1
 python-magic-patches = ${:_profile_base_location_}/../../component/egg-patch/python_magic/magic.patch#de0839bffac17801e39b60873a6c2068
 python-magic-patch-options = -p1

+[eggs-all-scripts]
+recipe = zc.recipe.egg
+eggs =
+  munnel
+patch-binary = ${eggs:patch-binary}
+python-libmilter-patches = ${:_profile_base_location_}/../../component/egg-patch/python_libmilter/0001-fix-rcpt-gets-cut-off.patch#83d72def8ac5ef3e3cac5e7b70603bd0
+python-libmilter-patch-options = -p1
+
 [zodbanalyze]
 recipe = zc.recipe.egg
 eggs = erp5.util
@@ -685,6 +694,7 @@ ipython-genutils = 0.1.0
 ipywidgets = 5.2.2
 logilab-common = 1.3.0
 matplotlib = 2.0.0
+munnel = 0.2
 mistune = 0.7.3
 msgpack-python = 0.4.8
 notebook = 4.3.2
@@ -701,6 +711,7 @@ pycountry = 17.1.8
 pyflakes = 1.5.0
 # pylint 1.5.1 breaks testDynamicClassGeneration
 pylint = 1.4.4
+python-libmilter = 1.0.1
 python-memcached = 1.58
 pytracemalloc = 1.2
 pyzmq = 16.0.2

--- a/stack/erp5/buildout.hash.cfg
+++ b/stack/erp5/buildout.hash.cfg
@@ -55,7 +55,7 @@ md5sum = 79f789360e71146486c82a7a10834bae

 [template-postfix]
 filename = instance-postfix.cfg.in
-md5sum = 2fd9ec619456fd00e7482cebc5c41f76
+md5sum = e217f8b55f22d99ee2352eba6807d6f6

 [template-postfix-master-cf]
 filename = postfix_master.cf.in
@@ -63,7 +63,7 @@ md5sum = 9ac81647368068a1a98a785d08074b43

 [template-postfix-main-cf]
 filename = postfix_main.cf.in
-md5sum = 66b273861888c8bd59e46de399d2c1d8
+md5sum = 4fe9bb5225b9d7650d2916a0945821bd

 [template-postfix-aliases]
 filename = postfix_aliases.in
@@ -71,7 +71,7 @@ md5sum = 0969fbb25b05c02ef3c2d437b2f4e1a0

 [template]
 filename = instance.cfg.in
-md5sum = 9d6c7b1a17cf2a5987e8c9f4c9239736
+md5sum = 8f22973e627a28cd700c485dafd7bffe

 [monitor-template-dummy]
 filename = dummy.cfg

--- a/stack/erp5/instance-postfix.cfg.in
+++ b/stack/erp5/instance-postfix.cfg.in
@@ -12,6 +12,7 @@
 {% do alias_dict.setdefault('postmaster', [slapparameter_dict['postmaster']]) -%}
 {% set smtpd_sasl_user = slapparameter_dict['smtpd-sasl-user'] -%}
 {% set smtpd_sasl_password = slapparameter_dict['smtpd-sasl-password'] -%}
+{% set milter_list = [] %}

 [jinja2-template-base]
 recipe = slapos.recipe.template:jinja2
@@ -55,14 +56,34 @@ var-spool-postfix-public = ${:var-spool-postfix}/public
 var-spool-postfix-saved = ${:var-spool-postfix}/saved
 var-spool-postfix-trace = ${:var-spool-postfix}/trace

+{% if divert -%}
+{%   set milter_port = tcpv4_port + 1 -%}
+{%   set socket = 'inet:' ~ ip ~ ':' ~ milter_port -%}
+[{{ section('divert-milter') }}]
+recipe = slapos.cookbook:wrapper
+parameters-extra = true
+command-line =
+  '{{ parameter_dict['buildout-bin-directory'] }}/munnel'
+  --listen '{{ socket }}'
+  -- {{ ' '.join(divert) }}
+wrapper-path = ${directory:run}/munnel
+{%   do milter_list.append(socket) -%}
+
+[{{ section('munnel-promise') }}]
+recipe = slapos.cookbook:check_port_listening
+path = ${directory:promise}/munnel
+hostname = {{ ip }}
+port = {{ milter_port }}
+{% endif -%}
+
 [configuration]
 smtp = {{ dumps(tcpv4_port) }}
 inet-interfaces = {{ dumps(ip) }}
 alias-dict = {{ dumps(alias_dict) }}
 relayhost = {{ dumps(relay.get('host')) }}
 relay-sasl-credential = {{ dumps(relay.get('sasl-credential')) }}
-divert = {{ dumps(divert) }}
 cyrus-sasldb = ${directory:etc-cyrus}/postfix.gdbm
+milter-list = {{ dumps(milter_list) }}

 [userinfo]
 recipe = slapos.cookbook:userinfo
@@ -98,17 +119,6 @@ command =
  echo '{{ smtpd_sasl_password }}' | '${wrapper-postfix-saslpasswd2:wrapper-path}' -pc '{{ smtpd_sasl_user }}'
 update-command = ${:command}

-[divert]
-< = jinja2-template-base
-rendered = ${directory:etc-postfix}/divert
-{% if divert -%}
-template = inline:{{ "/.*/ {{ ', '.join(divert) }}" }}
-{%- else -%}
-template = inline:
-{%- endif %}
-context =
-    key divert configuration:divert
-
 [smtpd-ssl]
 recipe = plone.recipe.command
 stop-on-error = true
@@ -140,7 +150,7 @@ context =
    key relayhost configuration:relayhost
    key sasl_passwd typed-paths:smtp-sasl-passwd
    key aliases typed-paths:aliases
-    key divert typed-paths:divert
+    key milter_list configuration:milter-list
    key cyrus_directory directory:etc-cyrus
    key cert smtpd-ssl:cert
    key key smtpd-ssl:key
@@ -164,7 +174,6 @@ context =
 # Postfix-friendly rendering of file paths, prefixed with database type.
 aliases = hash:${aliases:rendered}
 smtp-sasl-passwd = hash:${smtp-sasl-passwd:rendered}
-divert = pcre:${divert:rendered}

 [{{ section('postalias-db') }}]
 recipe = plone.recipe.command

--- a/stack/erp5/instance.cfg.in
+++ b/stack/erp5/instance.cfg.in
@@ -54,6 +54,7 @@ extra-context =

 [dynamic-template-postfix-parameters]
 bin-directory = {{ bin_directory }}
+buildout-bin-directory = {{ buildout_bin_directory }}
 cyrus-sasl-location = {{ cyrus_sasl_location }}
 openssl = {{ openssl_location }}
 postfix-location = {{ postfix_location }}

--- a/stack/erp5/postfix_main.cf.in
+++ b/stack/erp5/postfix_main.cf.in
@@ -19,7 +19,6 @@ readme_directory =
 inet_interfaces = {{ inet_interfaces }}
 smtp_bind_address = 0.0.0.0
 smtp_bind_address6 = ::
-virtual_alias_maps = {{ divert }}

 # Compared to default:
 # - remove X-related variables, irrelevant for slapos, to be concise
@@ -56,6 +55,8 @@ smtpd_relay_restrictions =
 # Disable local delivery
 local_transport = error

+smtpd_milters ={{ '\n  '.join(milter_list) }}
+
 {% if relayhost -%}
 relayhost = {{ relayhost }}
 smtp_tls_security_level = encrypt