Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
Arch Linux
infrastructure
Commits
d5d968b7
Commit
d5d968b7
authored
Aug 05, 2018
by
Florian Pritz
Browse files
postfix: Implement authentication in wiki bounce handler
Signed-off-by:
Florian Pritz
<
bluewind@xinu.at
>
parent
b8845b0c
Changes
9
Hide whitespace changes
Inline
Side-by-side
host_vars/orion.archlinux.org/wiki-bouncehandler
0 → 100644
View file @
d5d968b7
$ANSIBLE_VAULT;1.1;AES256
39396466326266613063333338356431653461636562643535363038613865343230303430363564
3632646531646565336366396635353834633939316237610a343933366465663939303930376339
37363636363531323866653962353335613366333137343737316639323661636363633364346138
6462666365626134660a313632636537663137386437343662383335616665393561356165613333
38353364356238386364303065343333636463333234326234643332343137373639366130656335
64633533363034303664633435653937633566303537666164306130383738386235633232623965
38663164633230613432356266313135383838343331326534353365656432376463313366356231
61656338623134636265356561313630353935633037306430376430383034313631303538336637
33623733376363366336373337366663356434303931313132356164643334363630333834313665
32356336643436653763346333326432616438313530316530353937306237376563313032373333
34353763396166636161633036343935356334353335623034383238316532663930613864623335
61666165376662633934336232633634643961363064356566626235653530643261643039336436
62616438376161643930613063323739393237383563646630373430373734386430353933353433
35646463633034613166623233623164363638636533623037303465346239623962343337646665
31363065306539383066386362613635346431333135326461636136336232643030336464613430
35376537386236353236
roles/postfix/defaults/main.yml
View file @
d5d968b7
...
...
@@ -7,3 +7,7 @@ postfix_patchwork_user: "patchwork"
postfix_patchwork_mail_handler
:
"
/usr/local/bin/patchwork-parsemail-wrapper.sh"
mail_domain
:
"
mail.archlinux.org"
postfix_wiki_bounce_mail_handler
:
"
/usr/local/bin/wiki-bouncehandler.pl"
postfix_wiki_bounce_user
:
"
wiki_bouncehandler"
postfix_wiki_bounce_config
:
"
/etc/wiki-bouncehandler.conf"
roles/postfix/files/bouncehandler.pl
0 → 100644
View file @
d5d968b7
#!/usr/bin/env perl
use
strict
;
use
warnings
;
use
Config::
Simple
;
use
Data::
Dumper
;
use
MediaWiki::
API
;
die
"
Missing required argument (config file path)
"
if
@ARGV
==
0
;
my
$config
=
Config::
Simple
->
new
(
$ARGV
[
0
])
or
die
Config::
Simple
->
error
();
my
$mw
=
MediaWiki::
API
->
new
({
api_url
=>
'
https://wiki.archlinux.org/api.php
'});
$mw
->
login
(
{
lgname
=>
$config
->
param
('
bot_credentials.username
'),
lgpassword
=>
$config
->
param
('
bot_credentials.password
')
}
)
||
die
$mw
->
{
error
}
->
{
code
}
.
'
:
'
.
$mw
->
{
error
}
->
{
details
};
my
$stdin
=
do
{
local
$/
;
<
STDIN
>
};
my
$reply
=
$mw
->
api
({
action
=>
"
bouncehandler
",
email
=>
$stdin
,
})
||
die
$mw
->
{
error
}
->
{
code
}
.
'
:
'
.
$mw
->
{
error
}
->
{
details
};;
# output reply in case of error. doc doesn't say what the replies are so we just output everything for now
warn
Dumper
(
$reply
);
roles/postfix/tasks/main.yml
View file @
d5d968b7
...
...
@@ -11,6 +11,7 @@
-
main.cf
-
master.cf
-
transport
-
transport.pcre
-
aliases
-
relay_transport_map
-
users.pcre
...
...
@@ -60,6 +61,21 @@
template
:
src=letsencrypt.hook.d.j2 dest=/etc/letsencrypt/hook.d/postfix owner=root group=root mode=0755
when
:
postfix_smtpd_public
-
name
:
install bouncehandler config
template
:
src=wiki-bouncehandler.conf.j2 dest={{postfix_wiki_bounce_config}} owner={{postfix_wiki_bounce_user}} group=root mode=0600
when
:
postfix_server
-
name
:
install packages for bounce handler
pacman
:
name=perl-mediawiki-api,perl-config-simple state=present
when
:
postfix_server
-
name
:
install bouncehandler script
copy
:
src=bouncehandler.pl dest={{postfix_wiki_bounce_mail_handler}} owner=root group=root mode=0755
when
:
postfix_server
-
name
:
make bouncehandler user
user
:
name={{postfix_wiki_bounce_user}} shell=/bin/false skeleton=/var/empty state={{"present" if postfix_server else "absent"}}
-
name
:
start and enable postfix
service
:
name=postfix enabled=yes state=started
...
...
roles/postfix/templates/aliases.j2
View file @
d5d968b7
...
...
@@ -28,5 +28,3 @@ abuse: postmaster
decode: root
devnull: /dev/null
wiki_bounce: "|curl -d action=bouncehandler --data-urlencode email@- https://wiki.archlinux.org/api.php"
roles/postfix/templates/main.cf.j2
View file @
d5d968b7
...
...
@@ -182,6 +182,7 @@ local_recipient_maps =
$alias_maps
${indexed}/mailman_compat
${indexed}/relay_transport_map
pcre:${config_directory}/transport.pcre
relocated_maps = ${indexed}/relocated
{% endif %}
...
...
@@ -193,12 +194,17 @@ relay_domains =
transport_maps =
${indexed}/transport
${indexed}/relay_transport_map
pcre:${config_directory}/transport.pcre
#${indexed}/temporary_mailman_maps
{% if postfix_patchwork_enabled %}
patchwork_destination_recipient_limit = 1
{% endif %}
{% if postfix_server %}
wiki_bouncehandler_destination_recipient_limit = 1
{% endif %}
authorized_mailq_users = root
header_checks = pcre:/etc/postfix/header_checks
...
...
roles/postfix/templates/master.cf.j2
View file @
d5d968b7
...
...
@@ -124,3 +124,8 @@ scache unix - - n - 1 scache
patchwork unix - n n - - pipe
flags=DFRX user={{postfix_patchwork_user}} argv={{postfix_patchwork_mail_handler}}
{% endif %}
{% if postfix_server %}
wiki_bouncehandler unix - n n - - pipe
flags=DFRX user={{postfix_wiki_bounce_user}} argv=/usr/bin/systemd-cat {{postfix_wiki_bounce_mail_handler}} {{postfix_wiki_bounce_config}}
{% endif %}
roles/postfix/templates/users.pcre.j2
View file @
d5d968b7
/wiki-bounce-[\w.]+-\w+-\w+-\w...............@archlinux.org/ wiki_bounce
roles/postfix/templates/wiki-bouncehandler.conf.j2
0 → 100644
View file @
d5d968b7
[bot_credentials]
username = {{wiki_bouncehandler_username}}
password = {{wiki_bouncehandler_password}}
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment