#!/bin/bash
###########################################################################
# Query Mailer - Generates a Postscreen allowlist for a mailhost that #
# doesn't publish their outbound mailer IPs via SPF records #
# https://github.com/stevejenkins/postwhite #
###########################################################################
# By Jesse Norell (https://github.com/jnorell)
# and Steve Jenkins (https://www.stevejenkins.com/)
# Script release metadata.
version='1.2'
lastupdated='17 April 2018'
# CIDR table this script writes; it is meant to be listed in Postfix's
# postscreen_access_list parameter.
allowlist_file='/etc/postfix/postscreen_ovh_allowlist.cidr'
# Set debug=true to trace commands and print progress messages during the run.
debug='false'
###########################################################################
# This script uses "mail-out.ovh.net" as a working example of a mailhost
# that does not publish their outbound mailer IP address via SPF records. To
# use this script as a template for additional hosts:
# 1. Copy this script to a new unique filename
# 2. Edit the script's mailhost and numerical range values as required
# 3. Set a unique output file (/etc/postfix/postscreen_*_allowlist.cidr)
# 4. Configure cron to run the new script as often as you like
# 5. Include the output file in Postfix's postscreen_access_list parameter
###########################################################################
# Debug plumbing. With debug=true, trace every command via `set -x` and make
# debug() hand its arguments to printf; otherwise debug() is a silent no-op.
# debug() is printf-style: its first argument is used as the format string, so
# variable data belongs in later arguments (for example '%s\n' "${value}")
# rather than inside the format itself.
if [ "${debug}" = true ]; then
  set -x
  debug() { printf "$@"; }
else
  debug() { :; }
fi
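# Files created through shell redirection from here on are world-readable
# (mktemp itself creates its file readable by the owner only).
umask 022
# Create the scratch file that collects the raw `host` output. Stop here if
# that fails: continuing with an empty ${temp_file} would make the lookup loop
# lose its output and the allowlist would later be rebuilt from nothing.
temp_file=$(mktemp --tmpdir ovh_hosts.XXXXXXXXXX) || {
  echo "Error: could not create temporary file; aborting." 1>&2
  exit 1
}
# Remove the scratch file on exit unless debug=true (it is kept for inspection
# in that case). The trap body is single-quoted so the path is expanded, and
# quoted, when the trap runs; a TMPDIR containing spaces or glob characters
# can then no longer split into several arguments to rm.
[ "${debug}" = true ] || trap 'rm -f -- "${temp_file}"' EXIT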
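debug "Querying outbound IP addresses. This could take a while...\n"
# Query user-defined mailer range
#
# OVH uses the format: ${a}.mo${b}.mail-out.ovh.net;
# not all valid "b" values are consecutive;
# in testing, the mo${b}.mail-out.ovh.net level resolves to an address,
# so for efficiency we'll skip any that don't resolve.
#
# Everything `host` prints inside this loop (stdout and stderr) is captured in
# ${temp_file}. That file holds raw DNS answers, i.e. data the script does not
# control; it is only filtered when the allowlist is formatted afterwards.
for b in {1..300}; do
  if host "mo${b}.mail-out.ovh.net" 2>&1; then
    for a in {1..99}; do
      host "${a}.mo${b}.mail-out.ovh.net" 2>&1
    done
    # Step one past the scanned range. The previous `: ${a++}` was a parameter
    # expansion (it expands to "+" when a is set), not an increment, so the
    # probe below re-queried a=99 instead of the first unscanned value.
    a=$((a + 1))
    # test if 'a' should be increased
    if host "${a}.mo${b}.mail-out.ovh.net" 2>&1; then
      echo "Note: ${a}.mo${b}.mail-out.ovh.net resolves to an address," 1>&2
      echo "you should edit this script and increase the max range for 'a'." 1>&2
    fi
  fi
done > "${temp_file}"
# Same correction for 'b': probe the first value beyond the scanned range.
b=$((b + 1))
# test if 'b' should be increased
# (redirection order kept as written: stdout is discarded, stderr stays visible)
if host "mo${b}.mail-out.ovh.net" 2>&1 >/dev/null; then
  echo "Note: mo${b}.mail-out.ovh.net resolves to an address," 1>&2
  echo "you should edit this script and increase the max range for 'b'." 1>&2
fi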
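# Format queried hosts
#
# Each line written here ends in "permit", so Postfix's postscreen treats the
# address as allowlisted. The addresses come from DNS answers collected in
# ${temp_file}; only lines of the exact form "<name> has address <IPv4>" are
# accepted, and the resolver used by this host should be one you trust.
debug "Formatting custom allowlist...\n"
# Stage the new list next to the target so the final rename stays on the same
# filesystem and the live file is never seen half-written.
staged_file=$(mktemp "${allowlist_file}.XXXXXXXXXX") || {
  echo "Error: could not create staging file for ${allowlist_file}; aborting." 1>&2
  exit 1
}
awk '$2 == "has" && $3 == "address" && $4 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $4 " permit" }' \
  "${temp_file}" | sort -uV > "${staged_file}"
# An empty result almost certainly means the lookups failed (resolver or
# network outage). Keep the existing allowlist instead of replacing it with an
# empty one, and skip the reload.
if [ ! -s "${staged_file}" ]; then
  rm -f -- "${staged_file}"
  echo "Error: no addresses were resolved; ${allowlist_file} left unchanged." 1>&2
  exit 1
fi
# mktemp creates the file owner-only; match what umask 022 would have produced.
chmod 644 "${staged_file}"
if ! mv -f -- "${staged_file}" "${allowlist_file}"; then
  rm -f -- "${staged_file}"
  echo "Error: could not install ${allowlist_file}; aborting." 1>&2
  exit 1
fi
# Reload Postfix so it picks up the new table. An explicit if/else replaces the
# former `A && B || C` chain, which ran `postfix reload` a second time whenever
# the first attempt failed in debug mode.
debug "Restarting Postfix...\n"
if [ "${debug}" = true ]; then
  postfix reload
else
  postfix reload 2>/dev/null
fi
# Pass the path as a printf argument rather than embedding it in the format.
debug "Hostname lookups preserved in file: %s\n" "${temp_file}"
# All done!
debug "Done!\n"
exit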