[Postfix] Allow to relay only non-local mailboxes

data/Dockerfiles/postfix/postfix.sh

@@ -38,6 +38,23 @@ for cert_dir in /etc/ssl/mail/*/ ; do
 done
 postmap -F hash:/opt/postfix/conf/sni.map;
 
+cat <<EOF > /opt/postfix/conf/sql/mysql_relay_ne.cf
+# Autogenerated by mailcow
+user = ${DBUSER}
+password = ${DBPASS}
+hosts = unix:/var/run/mysqld/mysqld.sock
+dbname = ${DBNAME}
+query = SELECT IF(EXISTS(SELECT address, domain FROM alias
+      WHERE address = '%s'
+        AND domain IN (
+          SELECT domain FROM domain
+            WHERE backupmx = '1'
+              AND relay_all_recipients = '1'
+              AND relay_unknown_only = '1')
+
+      ), 'lmtp:inet:dovecot:24', NULL) AS 'transport'
+EOF
+
 cat <<EOF > /opt/postfix/conf/sql/mysql_relay_recipient_maps.cf
 # Autogenerated by mailcow
 user = ${DBUSER}

data/conf/postfix/main.cf

@@ -186,6 +186,7 @@ mail_name = Postcow
 # Use custom_transport.pcre for custom transports
 transport_maps = pcre:/opt/postfix/conf/custom_transport.pcre,
   pcre:/opt/postfix/conf/local_transport,
+  proxy:mysql:/opt/postfix/conf/sql/mysql_relay_ne.cf,
   proxy:mysql:/opt/postfix/conf/sql/mysql_transport_maps.cf
 smtp_sasl_auth_soft_bounce = no
 postscreen_discard_ehlo_keywords = silent-discard, dsn

data/web/admin.php

@@ -137,7 +137,10 @@ if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CAC
           <div class="form-group">
             <label class="control-label col-sm-3" for="admin_api_key"><?=$lang['admin']['api_key'];?>:</label>
             <div class="col-sm-9">
-              <input type="text" class="form-control" placeholder="-" value="<?=htmlspecialchars($api['api_key']);?>" readonly>
+              <div class="input-group">
+                <span class="input-group-addon">Read-Write</span>
+                <input type="text" class="form-control" placeholder="-" value="<?=htmlspecialchars($api['api_key']);?>" readonly>
+              </div>
             </div>
           </div>
           <div class="form-group">

data/web/edit.php

@@ -25,7 +25,7 @@ if (isset($_SESSION['mailcow_cc_role'])) {
         if (!empty($result)) {
         ?>
           <h4><?=$lang['edit']['alias'];?></h4>
-          <br />
+          <br>
           <form class="form-horizontal" data-id="editalias" role="form" method="post">
             <input type="hidden" value="0" name="active">
             <input type="hidden" value="0" name="sogo_visible">
@@ -96,7 +96,7 @@ if (isset($_SESSION['mailcow_cc_role'])) {
       if (!empty($result)) {
       ?>
       <h4><?=$lang['edit']['domain_admin'];?></h4>
-      <br />
+      <br>
       <form class="form-horizontal" data-id="editdomainadmin" role="form" method="post">
         <input type="hidden" value="0" name="active">
         <div class="form-group">
@@ -194,7 +194,7 @@ if (isset($_SESSION['mailcow_cc_role'])) {
       if (!empty($result)) {
       ?>
       <h4><?=$lang['edit']['domain_admin'];?></h4>
-      <br />
+      <br>
       <form class="form-horizontal" data-id="editadmin" role="form" method="post">
         <input type="hidden" value="0" name="active">
         <div class="form-group">
@@ -258,6 +258,7 @@ if (isset($_SESSION['mailcow_cc_role'])) {
             <input type="hidden" value="0" name="backupmx">
             <input type="hidden" value="0" name="gal">
             <input type="hidden" value="0" name="relay_all_recipients">
+            <input type="hidden" value="0" name="relay_unknown_only">
             <div class="form-group">
               <label class="control-label col-sm-2" for="description"><?=$lang['edit']['description'];?></label>
               <div class="col-sm-10">
@@ -317,9 +318,13 @@ if (isset($_SESSION['mailcow_cc_role'])) {
               <div class="col-sm-10">
                 <div class="checkbox">
                   <label><input type="checkbox" value="1" name="backupmx" <?=(isset($result['backupmx_int']) && $result['backupmx_int']=="1") ? "checked" : null;?>> <?=$lang['edit']['relay_domain'];?></label>
-                  <br />
+                  <br>
                   <label><input type="checkbox" value="1" name="relay_all_recipients" <?=(isset($result['relay_all_recipients_int']) && $result['relay_all_recipients_int']=="1") ? "checked" : null;?>> <?=$lang['edit']['relay_all'];?></label>
                   <p><?=$lang['edit']['relay_all_info'];?></p>
+                  <label><input type="checkbox" value="1" name="relay_unknown_only" <?=(isset($result['relay_unknown_only_int']) && $result['relay_unknown_only_int']=="1") ? "checked" : null;?>> <?=$lang['edit']['relay_unknown_only'];?></label>
+                  <br>
+                  <p><?=$lang['edit']['relay_transport_info'];?></p>
+                  <hr style="margin:25px 0px 0px 0px">
                 </div>
               </div>
             </div>
@@ -576,7 +581,7 @@ if (isset($_SESSION['mailcow_cc_role'])) {
           </div>
           <div class="form-group">
             <label class="control-label col-sm-2" for="quota"><?=$lang['edit']['quota_mb'];?>
-              <br /><span id="quotaBadge" class="badge">max. <?=intval($result['max_new_quota'] / 1048576)?> MiB</span>
+              <br><span id="quotaBadge" class="badge">max. <?=intval($result['max_new_quota'] / 1048576)?> MiB</span>
             </label>
             <div class="col-sm-10">
               <input type="number" name="quota" style="width:100%" min="0" max="<?=intval($result['max_new_quota'] / 1048576);?>" value="<?=intval($result['quota']) / 1048576;?>" class="form-control">
@@ -945,7 +950,7 @@ if (isset($_SESSION['mailcow_cc_role'])) {
         if (!empty($result)) {
           ?>
           <h4><?=$lang['mailbox']['bcc_map'];?></h4>
-          <br />
+          <br>
           <form class="form-horizontal" data-id="editbcc" role="form" method="post">
             <input type="hidden" value="0" name="active">
             <div class="form-group">
@@ -996,7 +1001,7 @@ if (isset($_SESSION['mailcow_cc_role'])) {
         if (!empty($result)) {
           ?>
           <h4><?=$lang['mailbox']['recipient_map']?>: <?=$result['recipient_map_old'];?></h4>
-          <br />
+          <br>
           <form class="form-horizontal" data-id="edit_recipient_map" role="form" method="post">
             <input type="hidden" value="0" name="active">
             <div class="form-group">
@@ -1042,7 +1047,7 @@ if (isset($_SESSION['mailcow_cc_role'])) {
         if (!empty($result)) {
           ?>
           <h4><?=$lang['mailbox']['tls_policy_maps']?>: <?=$result['dest'];?></h4>
-          <br />
+          <br>
           <form class="form-horizontal" data-id="edit_tls_policy_maps" role="form" method="post">
             <input type="hidden" value="0" name="active">
             <div class="form-group">

data/web/inc/functions.mailbox.inc.php

@@ -446,9 +446,16 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           }
           $active = intval($_data['active']);
           $relay_all_recipients = intval($_data['relay_all_recipients']);
+          $relay_unknown_only = intval($_data['relay_unknown_only']);
           $backupmx = intval($_data['backupmx']);
           $gal = intval($_data['gal']);
-          ($relay_all_recipients == 1) ? $backupmx = '1' : null;
+          if ($relay_all_recipients == 1) {
+            $backupmx = '1';
+          }
+          if ($relay_unknown_only == 1) {
+            $backupmx = 1;
+            $relay_all_recipients = 1;
+          }
           if (!is_valid_domain_name($domain)) {
             $_SESSION['return'][] = array(
               'type' => 'danger',
@@ -495,8 +502,8 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           $stmt->execute(array(
             ':domain' => '%@' . $domain
           ));
-          $stmt = $pdo->prepare("INSERT INTO `domain` (`domain`, `description`, `aliases`, `mailboxes`, `defquota`, `maxquota`, `quota`, `backupmx`, `gal`, `active`, `relay_all_recipients`)
-            VALUES (:domain, :description, :aliases, :mailboxes, :defquota, :maxquota, :quota, :backupmx, :gal, :active, :relay_all_recipients)");
+          $stmt = $pdo->prepare("INSERT INTO `domain` (`domain`, `description`, `aliases`, `mailboxes`, `defquota`, `maxquota`, `quota`, `backupmx`, `gal`, `active`, `relay_unknown_only`, `relay_all_recipients`)
+            VALUES (:domain, :description, :aliases, :mailboxes, :defquota, :maxquota, :quota, :backupmx, :gal, :active, :relay_unknown_only, :relay_all_recipients)");
           $stmt->execute(array(
             ':domain' => $domain,
             ':description' => $description,
@@ -508,6 +515,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             ':backupmx' => $backupmx,
             ':gal' => $gal,
             ':active' => $active,
+            ':relay_unknown_only' => $relay_unknown_only,
             ':relay_all_recipients' => $relay_all_recipients
           ));
           try {
@@ -1802,8 +1810,8 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               );
               continue;
             }
+            $domain = idn_to_ascii(substr(strstr($address, '@'), 1), 0, INTL_IDNA_VARIANT_UTS46);
             if ($is_now['address'] != $address) {
-              $domain = idn_to_ascii(substr(strstr($address, '@'), 1), 0, INTL_IDNA_VARIANT_UTS46);
               $local_part = strstr($address, '@', true);
               $address      = $local_part.'@'.$domain;
               if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
@@ -1919,6 +1927,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
                 `address` = :address,
                 `public_comment` = :public_comment,
                 `private_comment` = :private_comment,
+                `domain` = :domain,
                 `goto` = :goto,
                 `sogo_visible`= :sogo_visible,
                 `active`= :active
@@ -1927,6 +1936,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
                 ':address' => $address,
                 ':public_comment' => $public_comment,
                 ':private_comment' => $private_comment,
+                ':domain' => $domain,
                 ':goto' => $goto,
                 ':sogo_visible' => $sogo_visible,
                 ':active' => $active,
@@ -1995,6 +2005,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
                 $backupmx             = (isset($_data['backupmx'])) ? intval($_data['backupmx']) : $is_now['backupmx_int'];
                 $gal                  = (isset($_data['gal'])) ? intval($_data['gal']) : $is_now['gal_int'];
                 $relay_all_recipients = (isset($_data['relay_all_recipients'])) ? intval($_data['relay_all_recipients']) : $is_now['relay_all_recipients_int'];
+                $relay_unknown_only   = (isset($_data['relay_unknown_only'])) ? intval($_data['relay_unknown_only']) : $is_now['relay_unknown_only_int'];
                 $relayhost            = (isset($_data['relayhost'])) ? intval($_data['relayhost']) : $is_now['relayhost'];
                 $aliases              = (!empty($_data['aliases'])) ? $_data['aliases'] : $is_now['max_num_aliases_for_domain'];
                 $mailboxes            = (isset($_data['mailboxes']) && $_data['mailboxes'] != '') ? intval($_data['mailboxes']) : $is_now['max_num_mboxes_for_domain'];
@@ -2002,7 +2013,13 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
                 $maxquota             = (!empty($_data['maxquota'])) ? $_data['maxquota'] : ($is_now['max_quota_for_mbox'] / 1048576);
                 $quota                = (!empty($_data['quota'])) ? $_data['quota'] : ($is_now['max_quota_for_domain'] / 1048576);
                 $description          = (!empty($_data['description'])) ? $_data['description'] : $is_now['description'];
-                ($relay_all_recipients == '1') ? $backupmx = '1' : null;
+                if ($relay_all_recipients == '1') {
+                  $backupmx = '1';
+                }
+                if ($relay_unknown_only == '1') {
+                  $backupmx = '1';
+                  $relay_all_recipients = '1';
+                }
               }
               else {
                 $_SESSION['return'][] = array(
@@ -2096,6 +2113,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               }
               $stmt = $pdo->prepare("UPDATE `domain` SET
               `relay_all_recipients` = :relay_all_recipients,
+              `relay_unknown_only` = :relay_unknown_only,
               `backupmx` = :backupmx,
               `gal` = :gal,
               `active` = :active,
@@ -2109,6 +2127,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
                 WHERE `domain` = :domain");
               $stmt->execute(array(
                 ':relay_all_recipients' => $relay_all_recipients,
+                ':relay_unknown_only' => $relay_unknown_only,
                 ':backupmx' => $backupmx,
                 ':gal' => $gal,
                 ':active' => $active,
@@ -3178,10 +3197,12 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               `quota`,
               `relayhost`,
               `relay_all_recipients` as `relay_all_recipients_int`,
+              `relay_unknown_only` as `relay_unknown_only_int`,
               `backupmx` as `backupmx_int`,
               `gal` as `gal_int`,
               `active` as `active_int`,
               CASE `relay_all_recipients` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `relay_all_recipients`,
+              CASE `relay_unknown_only` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `relay_unknown_only`,
               CASE `backupmx` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `backupmx`,
               CASE `gal` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `gal`,
               CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`
@@ -3228,7 +3249,9 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           $domaindata['active'] = $row['active'];
           $domaindata['active_int'] = $row['active_int'];
           $domaindata['relay_all_recipients'] = $row['relay_all_recipients'];
+          $domaindata['relay_unknown_only'] = $row['relay_unknown_only'];
           $domaindata['relay_all_recipients_int'] = $row['relay_all_recipients_int'];
+          $domaindata['relay_unknown_only_int'] = $row['relay_unknown_only_int'];
           $stmt = $pdo->prepare("SELECT COUNT(*) AS `alias_count` FROM `alias`
             WHERE (`domain`= :domain OR `domain` IN (SELECT `alias_domain` FROM `alias_domain` WHERE `target_domain` = :domain2))
               AND `address` NOT IN (

data/web/inc/init_db.inc.php

@@ -3,7 +3,7 @@ function init_db_schema() {
   try {
     global $pdo;
 
-    $db_version = "05032020_0715";
+    $db_version = "03042020_0915";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -181,6 +181,7 @@ function init_db_schema() {
           "skip_ip_check" => "TINYINT(1) NOT NULL DEFAULT '0'",
           "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
           "modified" => "DATETIME ON UPDATE NOW(0)",
+          "access" => "ENUM('ro', 'rw') NOT NULL DEFAULT 'rw'",
           "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
         ),
         "keys" => array(
@@ -218,6 +219,7 @@ function init_db_schema() {
           "backupmx" => "TINYINT(1) NOT NULL DEFAULT '0'",
           "gal" => "TINYINT(1) NOT NULL DEFAULT '1'",
           "relay_all_recipients" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "relay_unknown_only" => "TINYINT(1) NOT NULL DEFAULT '0'",
           "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
           "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
           "active" => "TINYINT(1) NOT NULL DEFAULT '1'"

data/web/lang/lang.de.json

@@ -742,7 +742,9 @@
         "backup_mx_options": "Backup MX Optionen",
         "relay_domain": "Diese Domain relayen",
         "relay_all": "Alle Empfänger-Adressen relayen",
-        "relay_all_info": "<small>Wenn <b>nicht</b> alle Empfänger-Adressen relayt werden sollen, müssen \"blinde\" Mailboxen für jede Adresse, die relayt werden soll, erstellen werden.</small>",
+        "relay_all_info": "↪ Wenn <b>nicht</b> alle Empfänger-Adressen relayt werden sollen, müssen \"blinde\" Mailboxen für jede Adresse, die relayt werden soll, erstellen werden.",
+        "relay_unknown_only": "Nur nicht-lokale Mailboxen relayen. Existente Mailboxen werden weiterhin lokal zugestellt.",
+        "relay_transport_info": "<div class=\"label label-info\">Info</div> Transport Maps können erstellt werden, um  individuelle Ziele für eine Relay Domain zu definieren.",
         "full_name": "Voller Name",
         "quota_mb": "Speicherplatz (MiB)",
         "sender_acl": "Darf Nachrichten versenden als",
@@ -821,8 +823,10 @@
         "domain_quota_m": "Domain Speicherplatz gesamt (MiB)",
         "backup_mx_options": "Backup MX Optionen",
         "relay_all": "Alle Empfänger-Adressen relayen",
-        "relay_domain": "Relay Domain",
-        "relay_all_info": "<small>Wenn Sie <b>nicht</b> alle Empfänger-Adressen relayen möchten, müssen Sie eine Mailbox für jede Adresse, die relayt werden soll, erstellen.</small>",
+        "relay_domain": "Diese Domain relayen",
+        "relay_all_info": "↪ Wenn <b>nicht</b> alle Empfänger-Adressen relayt werden sollen, müssen \"blinde\" Mailboxen für jede Adresse, die relayt werden soll, erstellen werden.",
+        "relay_unknown_only": "Nur nicht-lokale Mailboxen relayen. Existente Mailboxen werden weiterhin lokal zugestellt.",
+        "relay_transport_info": "<div class=\"label label-info\">Info</div> Transport Maps können erstellt werden, um  individuelle Ziele für eine Relay Domain zu definieren.",
         "alias_address": "Alias-Adresse(n)",
         "alias_address_info": "<small>Vollständige E-Mail-Adresse(n) oder @example.com, um alle Nachrichten einer Domain weiterzuleiten. Getrennt durch Komma. <b>Nur eigene Domains</b>.</small>",
         "alias_domain_info": "<small>Nur gültige Domains. Getrennt durch Komma.</small>",

data/web/lang/lang.en.json

@@ -739,9 +739,11 @@
         "max_quota": "Max. quota per mailbox (MiB)",
         "domain_quota": "Domain quota",
         "backup_mx_options": "Backup MX options",
-        "relay_domain": "Relay domain",
+        "relay_domain": "Relay this domain",
         "relay_all": "Relay all recipients",
-        "relay_all_info": "<small>If you choose <b>not</b> to relay all recipients, you will need to add a (\"blind\") mailbox for every single recipient that should be relayed.</small>",
+        "relay_all_info": "↪ If you choose <b>not</b> to relay all recipients, you will need to add a (\"blind\") mailbox for every single recipient that should be relayed.",
+        "relay_unknown_only": "Relay non-existing mailboxes only. Existing mailboxes will be delivered locally.",
+        "relay_transport_info": "<div class=\"label label-info\">Info</div> You can define transport maps for a custom destination for this domain. If not set, a MX lookup will be made.",
         "full_name": "Full name",
         "quota_mb": "Quota (MiB)",
         "sender_acl": "Allow to send as",
@@ -821,7 +823,9 @@
         "backup_mx_options": "Backup MX options",
         "relay_all": "Relay all recipients",
         "relay_domain": "Relay this domain",
-        "relay_all_info": "<small>If you choose <b>not</b> to relay all recipients, you will need to add a (\"blind\") mailbox for every single recipient that should be relayed.</small>",
+        "relay_all_info": "↪ If you choose <b>not</b> to relay all recipients, you will need to add a (\"blind\") mailbox for every single recipient that should be relayed.",
+        "relay_unknown_only": "Relay non-existing mailboxes only. Existing mailboxes will be delivered locally.",
+        "relay_transport_info": "<div class=\"label label-info\">Info</div> You can define transport maps for a custom destination for this domain. If not set, a MX lookup will be made.",
         "alias_address": "Alias address/es",
         "alias_address_info": "<small>Full email address/es or @example.com, to catch all messages for a domain (comma-separated). <b>mailcow domains only</b>.</small>",
         "alias_domain_info": "<small>Valid domain names only (comma-separated).</small>",

data/web/modals/mailbox.php

@@ -45,6 +45,7 @@ if (!isset($_SESSION['mailcow_cc_role'])) {
             <div class="col-sm-10">
             <input type="text" class="form-control" name="quota" min="0" max="" id="addInputQuota" disabled value="<?=$lang['add']['select_domain'];?>" required>
             <small class="help-block">0 = ∞</small>
+            <div class="label label-warning addInputQuotaExhausted" style="display:none;"><?=$lang['warning']['quota_exceeded_scope'];?></div>
             </div>
           </div>
           <div class="form-group">
@@ -162,10 +163,14 @@ if (!isset($_SESSION['mailcow_cc_role'])) {
             <label class="control-label col-sm-2"><?=$lang['add']['backup_mx_options'];?></label>
             <div class="col-sm-10">
               <div class="checkbox">
-              <label><input type="checkbox" value="1" name="backupmx"> <?=$lang['add']['relay_domain'];?></label>
-              <br />
-              <label><input type="checkbox" value="1" name="relay_all_recipients"> <?=$lang['add']['relay_all'];?></label>
-              <p><?=$lang['add']['relay_all_info'];?></p>
+                <label><input type="checkbox" value="1" name="backupmx"> <?=$lang['add']['relay_domain'];?></label>
+                <br>
+                <label><input type="checkbox" value="1" name="relay_all_recipients"> <?=$lang['add']['relay_all'];?></label>
+                <p><?=$lang['add']['relay_all_info'];?></p>
+                <label><input type="checkbox" value="1" name="relay_unknown_only" <?=(isset($result['relay_unknown_only_int']) && $result['relay_unknown_only_int']=="1") ? "checked" : null;?>> <?=$lang['add']['relay_unknown_only'];?></label>
+                <br>
+                <p><?=$lang['add']['relay_transport_info'];?></p>
+                <hr style="margin:25px 0px 0px 0px">
               </div>
             </div>
           </div>

docker-compose.yml

@@ -246,7 +246,7 @@ services:
             - dovecot
 
     postfix-mailcow:
-      image: mailcow/postfix:1.46
+      image: mailcow/postfix:1.47
       depends_on:
         - mysql-mailcow
       volumes: