Merge branch '5886-sender-rejected-inactive-domain' into 'develop'

Resolve ""Sender address rejected: not logged in" when sending from remote server with a inactive local domain"

Closes #5886

See merge request ispconfig/ispconfig3!1329

install/tpl/debian6_dovecot-sql.conf.master

@@ -14,7 +14,8 @@ connect = host={mysql_server_host} dbname={mysql_server_database} user={mysql_se
 default_pass_scheme = CRYPT
 
 # password-query with prefetch
-password_query = SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}'
+password_query = SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = '%d' AND active = 'y' AND server_id = {server_id})
+
 user_query = SELECT email as user, maildir as home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as mail, uid, gid, CONCAT('*:storage=', quota, 'B') AS quota_rule, CONCAT(maildir, '/.sieve') as sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}'
 
 # The iterate_query is required for the doveadm command only and works only on dovecot 2 servers.

install/tpl/debian_dovecot-sql.conf.master

@@ -121,7 +121,8 @@ connect = host={mysql_server_host} dbname={mysql_server_database} user={mysql_se
 default_pass_scheme = CRYPT
 
 # password-query with prefetch
-password_query = SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}'
+password_query = SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = '%d' AND active = 'y' AND server_id = {server_id})
+
 user_query = SELECT email as user, maildir as home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as mail, uid, gid, CONCAT('*:storage=', quota, 'B') AS quota_rule, CONCAT(maildir, '/.sieve') as sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}'
 
 # The iterate_query is required for the doveadm command only and works only on dovecot 2 servers.

install/tpl/debian_postfix.conf.master

@@ -28,6 +28,7 @@ proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virt
 smtpd_helo_required = yes
 smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
 smtpd_sender_restrictions =  {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf
+smtpd_reject_unlisted_sender = yes
 smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
 smtpd_etrn_restrictions = permit_mynetworks, reject
 smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit

install/tpl/fedora_dovecot-sql.conf.master

@@ -134,7 +134,8 @@ connect = host={mysql_server_host} dbname={mysql_server_database} user={mysql_se
 default_pass_scheme = CRYPT
 
 # password-query with prefetch
-password_query = SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}'
+password_query = SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = '%d' AND active = 'y' AND server_id = {server_id})
+
 user_query = SELECT email as user, maildir as home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as mail, uid, gid, CONCAT('*:storage=', quota, 'B') AS quota_rule, CONCAT(maildir, '/.sieve') as sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}'
 
 # The iterate_query is required for the doveadm command only and works only on dovecot 2 servers.

install/tpl/fedora_postfix.conf.master

@@ -24,6 +24,7 @@ proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virt
 smtpd_helo_required = yes
 smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
 smtpd_sender_restrictions =  {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf
+smtpd_reject_unlisted_sender = yes
 smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
 smtpd_etrn_restrictions = permit_mynetworks, reject
 smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit

install/tpl/gentoo_postfix.conf.master

@@ -23,6 +23,7 @@ proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virt
 smtpd_helo_required = yes
 smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
 smtpd_sender_restrictions =  {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf
+smtpd_reject_unlisted_sender = yes
 smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
 smtpd_etrn_restrictions = permit_mynetworks, reject
 smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit

install/tpl/mysql-virtual_email2email.cf.master

@@ -3,5 +3,7 @@ password = {mysql_server_ispconfig_password}
 dbname = {mysql_server_database}
 hosts = {mysql_server_ip}
 query = SELECT email FROM mail_user WHERE email = '%s' AND forward_in_lda = 'n' AND disabledeliver = 'n' AND postfix = 'y' AND server_id = {server_id}
+           AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = {server_id})
         UNION
         SELECT cc AS email FROM mail_user WHERE email = '%s' AND cc != '' AND (forward_in_lda = 'n' OR disabledeliver = 'y') AND postfix = 'y' AND server_id = {server_id}
+           AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = {server_id})

install/tpl/mysql-virtual_gids.cf.master

@@ -2,4 +2,5 @@ user = {mysql_server_ispconfig_user}
 password = {mysql_server_ispconfig_password}
 dbname = {mysql_server_database}
 hosts = {mysql_server_ip}
-query = select gid from mail_user where email = '%s' and postfix = 'y' and server_id = {server_id}
+query = SELECT gid FROM mail_user WHERE email = '%s' AND postfix = 'y' AND server_id = {server_id}
+           AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = {server_id})

install/tpl/mysql-virtual_mailboxes.cf.master

@@ -2,4 +2,5 @@ user = {mysql_server_ispconfig_user}
 password = {mysql_server_ispconfig_password}
 dbname = {mysql_server_database}
 hosts = {mysql_server_ip}
-query = select CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') from mail_user where email = '%s' and postfix = 'y' and disabledeliver = 'n' and server_id = {server_id}
+query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM mail_user WHERE email = '%s' AND postfix = 'y' AND disabledeliver = 'n' AND server_id = {server_id}
+           AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = {server_id})

install/tpl/mysql-virtual_outgoing_bcc.cf.master

@@ -4,7 +4,9 @@ dbname = {mysql_server_database}
 hosts = {mysql_server_ip}
 query = SELECT sender_cc FROM (
             SELECT SUBSTRING_INDEX(sender_cc, ',', 1) AS sender_cc
-              FROM mail_user WHERE email = '%s' AND disablesmtp = 'n' AND sender_cc != '' AND server_id = {server_id}
+              FROM mail_user
+             WHERE email = '%s' AND disablesmtp = 'n' AND sender_cc != '' AND server_id = {server_id}
+               AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = {server_id})
             UNION
             SELECT SUBSTRING_INDEX(u.sender_cc, ',', 1) AS sender_cc
               FROM mail_user u, mail_forwarding f
@@ -13,4 +15,5 @@ query = SELECT sender_cc FROM (
                                                 '[[:blank:]]*(,[[:blank:]]*[[:alnum:]]|,?[[:blank:]]*(\\r?\\n|$))' )
                AND u.disablesmtp = 'n' AND u.sender_cc != '' AND u.server_id = {server_id}
                AND f.source = '%s' AND f.allow_send_as = 'y' AND f.active = 'y' AND f.server_id = {server_id}
+               AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = {server_id})
         ) table1 WHERE sender_cc != '' LIMIT 1

install/tpl/mysql-virtual_policy_greylist.cf.master

@@ -5,9 +5,10 @@ hosts = {mysql_server_ip}
 query = SELECT 'greylisting' FROM
   (
    SELECT `greylisting`, 1 as `prio` FROM `mail_user` WHERE `server_id` = {server_id} AND `email` = '%s'
+      AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = {server_id})
    UNION
-   SELECT `greylisting`, 2 as `prio` FROM `mail_forwarding` WHERE `server_id` = {server_id} AND `source` = '%s'
+   SELECT `greylisting`, 2 as `prio` FROM `mail_forwarding` WHERE `server_id` = {server_id} AND `source` = '%s' AND active = 'y'
    UNION
-   SELECT `greylisting`, 3 as `prio` FROM `mail_forwarding` WHERE `server_id` = {server_id} AND `source` = '@%d' ORDER BY `prio` ASC LIMIT 1
+   SELECT `greylisting`, 3 as `prio` FROM `mail_forwarding` WHERE `server_id` = {server_id} AND `source` = '@%d' AND active = 'y' ORDER BY `prio` ASC LIMIT 1
   ) AS rules
   WHERE rules.greylisting = 'y'

install/tpl/mysql-virtual_sender_login_maps.cf.master

@@ -4,4 +4,5 @@ dbname = {mysql_server_database}
 hosts = {mysql_server_ip}
 query = SELECT destination FROM mail_forwarding WHERE source = '%s' AND active = 'y' AND allow_send_as = 'y' AND server_id = {server_id}
         UNION
-        SELECT email FROM mail_user WHERE email = '%s' AND disablesmtp = 'n' AND server_id = {server_id};
+        SELECT email FROM mail_user WHERE email = '%s' AND disablesmtp = 'n' AND server_id = {server_id}
+           AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = {server_id})

install/tpl/mysql-virtual_uids.cf.master

@@ -2,4 +2,5 @@ user = {mysql_server_ispconfig_user}
 password = {mysql_server_ispconfig_password}
 dbname = {mysql_server_database}
 hosts = {mysql_server_ip}
-query = select uid from mail_user where email = '%s' and postfix = 'y' and server_id = {server_id}
+query = SELECT uid FROM mail_user WHERE email = '%s' AND postfix = 'y' AND server_id = {server_id}
+           AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = {server_id})

install/tpl/opensuse_dovecot-sql.conf.master

@@ -134,7 +134,8 @@ connect = host={mysql_server_host} dbname={mysql_server_database} user={mysql_se
 default_pass_scheme = CRYPT
 
 # password-query with prefetch
-password_query = SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}'
+password_query = SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = '%d' AND active = 'y' AND server_id = {server_id})
+
 user_query = SELECT email as user, maildir as home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as mail, uid, gid, CONCAT('*:storage=', quota, 'B') AS quota_rule, CONCAT(maildir, '/.sieve') as sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}'
 
 # The iterate_query is required for the doveadm command only and works only on dovecot 2 servers.

install/tpl/opensuse_postfix.conf.master

@@ -26,6 +26,7 @@ proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virt
 smtpd_helo_required = yes
 smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
 smtpd_sender_restrictions =  {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf
+smtpd_reject_unlisted_sender = yes
 smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
 smtpd_etrn_restrictions = permit_mynetworks, reject
 smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit