mailman poc email sent

CroneKorkN 2025-07-12 13:53:46 +02:00
parent a6b557882d
commit 9bbaeb67d3
Signed by: cronekorkn
SSH key fingerprint: SHA256:v0410ZKfuO1QHdgKBsdQNF64xmTxOF8osF1LIqwTcVw
6 changed files with 79 additions and 16 deletions

31
bundles/mailman/README.md Normal file

@ -0,0 +1,31 @@
`echo export REST_API_PASS=$(bw metadata mseibert.mailman -k mailman/api_password | jq -r .mailman.api_password)`
```sh
curl -s -o /dev/null \
-w "Status: %{http_code}\nTime: %{time_total}s\n" \
-u restadmin:$REST_API_PASS \
-H "Content-Type: application/json" \
-X POST http://localhost:8001/3.1/queues/in \
-d '{
"list_id": "testlist-2.mailman.ckn.li",
"text": "From: i@ckn.li\nTo: testlist-2@mailman.ckn.li\nSubject: Curl-Driven Test $(date)\n\nHello everyone — this is a test sent via curl! $(date)"
}'
```
`tail -f /var/log/mailman3/*.log`
```log
==> /var/log/mailman3/mailman.log <==
[12/Jul/2025:10:31:10 +0000] "POST /3.1/queues/in HTTP/1.1" 201 0 "-" "curl/7.88.1"
Jul 12 10:31:10 2025 (2895919) ACCEPT: <175231627036.2895954.10009667988468073605@mseibert.mailman>
==> /var/log/mailman3/smtp.log <==
Jul 12 10:31:12 2025 (2895922) <175231627036.2895954.10009667988468073605@mseibert.mailman> smtp to testlist-2@mailman.ckn.li for 1 recips, completed in 0.059294939041137695 seconds
Jul 12 10:31:12 2025 (2895922) <175231627036.2895954.10009667988468073605@mseibert.mailman> post to testlist-2@mailman.ckn.li from i@ckn.li, 333 bytes
Jul 12 10:31:12 2025 (2895922) <175231627160.2895923.10669516773822847070@mseibert.mailman> smtp to testlist-2@mailman.ckn.li for 1 recips, completed in 0.0047571659088134766 seconds
Jul 12 10:31:12 2025 (2895922) <175231627160.2895923.10669516773822847070@mseibert.mailman> post to testlist-2@mailman.ckn.li from testlist-2-bounces@mailman.ckn.li, 736 bytes
```
`journalctl -f | grep postfix/`
`mailq | head -20`


@ -250,12 +250,6 @@ outgoing: mailman.mta.deliver.deliver
# How to connect to the outgoing MTA. If smtp_user and smtp_pass is given, # How to connect to the outgoing MTA. If smtp_user and smtp_pass is given,
# then Mailman will attempt to log into the MTA when making a new connection. # then Mailman will attempt to log into the MTA when making a new connection.
# smtp_host: smtp.ionos.de
# smtp_port: 587
# smtp_user: ${smtp_user}
# smtp_pass: ${smtp_password}
# smtp_secure_mode: starttls
smtp_host: 127.0.0.1 smtp_host: 127.0.0.1
smtp_port: 25 smtp_port: 25
smtp_user: smtp_user:


@ -39,7 +39,8 @@ mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0 mailbox_size_limit = 0
recipient_delimiter = + recipient_delimiter = +
inet_interfaces = all inet_interfaces = all
inet_protocols = all #inet_protocols = all
inet_protocols = ipv4
unknown_local_recipient_reject_code = 550 unknown_local_recipient_reject_code = 550
owner_request_special = no owner_request_special = no
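Review bot: `inet_protocols = ipv4` is introduced without a stated reason, and the previous value is left behind as `#inet_protocols = all`, which reads like a temporary debugging change. Replace the commented-out line with a why-comment such as `# IPv4 only: <reason — placeholder, fill in>`, so the restriction is neither reverted by accident nor kept after the cause is fixed. If the reason is deliverability over IPv6, the `v=spf1 a mx -all` record added elsewhere in this commit should be checked against the host's published address records so the two stay consistent.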


@ -114,3 +114,36 @@ def secrets(metadata):
'archiver_key': derive_mailadmin_secret(metadata, 'archiver_key'), 'archiver_key': derive_mailadmin_secret(metadata, 'archiver_key'),
}, },
} }
@metadata_reactor.provides(
'dns',
)
def dns(metadata):
report_email = metadata.get('mailman/dmarc_report_email')
return {
'dns': {
metadata.get('mailman/hostname'): {
'MX': [f"5 {metadata.get('mailman/hostname')}."],
'TXT': [
'v=spf1 a mx -all',
'; '.join(f'{k}={v}' for k, v in {
# dmarc version
'v': 'DMARC1',
# reject on failure
'p': 'reject',
# standard reports
'rua': f'mailto:{report_email}',
# forensic reports
'fo': 1,
'ruf': f'mailto:{report_email}',
# require alignment between the DKIM domain and the parent Header From domain
'adkim': 's',
# require alignment between the SPF domain (the sender) and the Header From domain
'aspf': 's',
}.items())
],
},
},
}
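Review bot: The DMARC policy string is placed in the `TXT` list of the hostname itself, next to the SPF record, but receivers look up DMARC at the `_dmarc.` label under the domain, so the `p=reject` policy would not be found unless the dns bundle relocates it (not visible here). Consider a second key, `f"_dmarc.{metadata.get('mailman/hostname')}": {'TXT': [...]}`, holding only the joined DMARC string and leaving `'v=spf1 a mx -all'` where it is. The `rua`/`ruf` address comes from `mailman/dmarc_report_email`, which the node file in this commit sets to an address in a different domain; receivers generally honour an external report address only when that domain publishes the matching `_report._dmarc` authorization record, so that is worth confirming. Forensic (`ruf`) reports can carry headers or content of list traffic, so a short comment on who reads that mailbox would help the next maintainer.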


@ -1,6 +1,6 @@
svc_systemd['cron'] = { svc_systemd['cron'] = {
'enabled': False, 'enabled': node.metadata.get('systemd_timers/cron/enabled', False),
'running': False, 'running': node.metadata.get('systemd_timers/cron/enabled', False),
} }
files['/usr/lib/nagios/plugins/check_systemd_timer'] = { files['/usr/lib/nagios/plugins/check_systemd_timer'] = {


@ -35,14 +35,18 @@
'mailman': { 'mailman': {
'hostname': 'mailman.ckn.li', 'hostname': 'mailman.ckn.li',
'site_owner_email': '!decrypt:encrypt$gAAAAABoWEeTyypfKw9l9jnNgF4GlS0-6O2NWCB0f3Fj1XnQ_HMjHXymAL8FWTyQjRmz3r8KnGJ-sogfnhW6lub_pnuk-wqB5Zuy9tgGsfi3RvkyNaOUeTE=', 'site_owner_email': '!decrypt:encrypt$gAAAAABoWEeTyypfKw9l9jnNgF4GlS0-6O2NWCB0f3Fj1XnQ_HMjHXymAL8FWTyQjRmz3r8KnGJ-sogfnhW6lub_pnuk-wqB5Zuy9tgGsfi3RvkyNaOUeTE=',
'smtp_host': 'smtp.ionos.de', 'dmarc_report_email': 'dmarc@sublimity.de',
'smtp_port': 465,
'smtp_user': '!decrypt:encrypt$gAAAAABoWEcZlLxiTKluyg3gZ-un2fYkuviW9BD9tTW8mfKBL5d41Z1X7LtI5CDnhhLXTGFpPnY1thr17h22oW3Ybz_WPgvbJVepnVwmeQwvMpg2psATKAY=', # 'smtp_host': 'smtp.ionos.de',
'smtp_password': '!decrypt:encrypt$gAAAAABoWDusH3XY4ONh8MnmfBbyHW477ipjSycb3TiDGXxO5eujum80zXjNrOblswCGRTHsW9UasM_dXeeGBsa7KcK4s6AK_eynXCWeLCtXfrUSE_oEd7c=' # 'smtp_port': 465,
# 'smtp_user': '!decrypt:encrypt$gAAAAABoWEcZlLxiTKluyg3gZ-un2fYkuviW9BD9tTW8mfKBL5d41Z1X7LtI5CDnhhLXTGFpPnY1thr17h22oW3Ybz_WPgvbJVepnVwmeQwvMpg2psATKAY=',
# 'smtp_password': '!decrypt:encrypt$gAAAAABoWDusH3XY4ONh8MnmfBbyHW477ipjSycb3TiDGXxO5eujum80zXjNrOblswCGRTHsW9UasM_dXeeGBsa7KcK4s6AK_eynXCWeLCtXfrUSE_oEd7c='
},
'systemd_timers': {
'cron': {
'enabled': True,
},
}, },
'overwrite_nameservers': [
'8.8.8.8',
],
'vm': { 'vm': {
'cores': 2, 'cores': 2,
'ram': 4096, 'ram': 4096,
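Review bot: The retired relay settings are kept as commented-out lines, including the two `!decrypt:encrypt$…` values for `smtp_user` and `smtp_password`; dead ciphertext in a node file has no consumer and is easy to re-enable by accident. If the external relay is no longer used, delete the four `# 'smtp_*'` lines instead of commenting them out. The values remain in repository history either way, so the relay credential should be retired or rotated at the provider once nothing depends on it. `dmarc_report_email` is stored in plaintext while `site_owner_email` is encrypted, which looks intentional since the address ends up in DNS, but a one-line comment saying so would avoid a later "fix".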