smeserver/smeserver-postfix
6
0
Fork 0
generated from smedev/Template-for-SMEServer-Core-Package
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

* Sun Nov 17 2024 <jpp@koozali.org> 1.0-2.sme

Browse Source 
- listen only via sockets
- use both unix user and virtual users
- groups and pseudonyms implemented in virtual maps
- support smarthost with and without auth
- support global and per domain delegated mail server
- support ssl
- uses qmail - recipient delimiter in left part of email.
- all domains set as local domains in mydestination
- message_size_limit
- local and remote concurency limit
This commit is contained in:
Jean-Philippe Pialasse
2024-11-17 22:25:49 -05:00
parent 3e1adb2110
commit aa8479eaa9
38 changed files with 558 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
root/etc/e-smith/templates/etc/postfix/main.cf/40inet
View File

@@ -1,2 +1,2 @@
inet_interfaces = loopback-only
inet_interfaces = all
inet_protocols = all

5
root/etc/e-smith/templates/etc/postfix/main.cf/45recipients Normal file
View File

@@ -0,0 +1,5 @@
{
# qmail compatibility - instead of +
# default empty
}
recipient_delimiter = -

18
root/etc/e-smith/templates/etc/postfix/main.cf/50mydestination
View File

@@ -1,2 +1,16 @@
# TODO add all domains and hosts related here
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
# SME Primary domain and host: looks up all recipients in /etc/passwd and /etc/aliases
mydestination = $myhostname $mydomain $myhostname.$mydomain localhost.$mydomain localhost {
$OUT = " ";
my $i = 0;
use esmith::DomainsDB;
my $ddb = esmith::DomainsDB->open_ro;
my @domains = map { $_->key } $ddb->get_all_by_prop('type' => 'domain');
foreach my $domain ( @domains )
{
my $d = $ddb->get($domain);
next if (($d->prop('VirtualMail') || "disabled") eq "enabled");
next unless (($d->prop('MailServer') || '') eq '');
next if $domain eq $DomainName;
$OUT .= "$domain ";
}
}

30
root/etc/e-smith/templates/etc/postfix/main.cf/50virtual
View File

@@ -1,30 +0,0 @@
{
$OUT = '';
my $virtual = 'virtual_alias_domains = ';
use esmith::DomainsDB;
my $domainsdb = esmith::DomainsDB->open_ro();
my $tempstr = '';
for my $domain ($domainsdb->domains)
{
my $primary = $domain->prop('SystemPrimaryDomain');
next if ( $primary eq 'yes' );
my $mail_server = $domain->prop('MailServer')
|| $DelegateMailServer
|| 'localhost';
next if ( $mail_server ne 'localhost' );
$emaildomain = $domain->key;
$tempstr .= "$emaildomain ";
}
if ( $tempstr ne '' )
{
$OUT .= "$virtual";
$OUT .= "$tempstr\n";
$OUT .= "virtual_alias_maps = hash:/etc/postfix/virtual";
}
}

21
root/etc/e-smith/templates/etc/postfix/main.cf/50virtual_domains Normal file
View File

@@ -0,0 +1,21 @@
{
# SME Server Virtual domains
# to configure emails for those domains use pseudonyms to point to a unix account.
# sales@virtualdomain.com -> admin
$OUT = "virtual_alias_domains = ";
my $i = 0;
use esmith::DomainsDB;
my $ddb = esmith::DomainsDB->open_ro;
my @domains = map { $_->key } $ddb->get_all_by_prop('type' => 'domain');
foreach my $domain ( @domains )
{
my $d = $ddb->get($domain);
next unless (($d->prop('VirtualMail') || "disabled") eq "enabled");
next unless (($d->prop('MailServer') || '') eq '');
$OUT .= "$domain " unless $domain eq $DomainName;
$i ++ unless $domain eq $DomainName;;
}
$OUT = "# no SME Server Virtual domains configured" unless $i>0;
}

2
root/etc/e-smith/templates/etc/postfix/main.cf/51virtual Normal file
View File

@@ -0,0 +1,2 @@
# list of all virtual aliases : groups, pseudonyms ...
virtual_alias_maps = hash:/etc/postfix/virtual

7
root/etc/e-smith/templates/etc/postfix/main.cf/60msgsize Normal file
View File

@@ -0,0 +1,7 @@
{
#message_size_limit = 10240000 (default)
# our previous default with qmail was 15000000
my $MaxMessageSize = $postfix{'MaxMessageSize'} || "15000000";
$OUT = "message_size_limit = $MaxMessageSize\n";
}

17
root/etc/e-smith/templates/etc/postfix/main.cf/60transport
View File

@@ -1,12 +1,9 @@
{
$OUT = '';
my $transport = 'transport_maps = hash:/etc/postfix/transport ';
my $display = 0;
use esmith::DomainsDB;
my $domainsdb = esmith::DomainsDB->open_ro();
for my $domain ($domainsdb->domains)
{
my $mail_server = $domain->prop('MailServer')
@@ -15,10 +12,16 @@
if ( $mail_server ne 'localhost' )
{
$OUT = "$transport\n";
$display = 1;
}
}
$display = 1 if (
$SMTPSmartHost
&&
($SMTPSmartHost ne 'off')
&&
($SMTPSmartHost !~ /^\s*$/)
);
$OUT = "$transport\n" if $display eq 1;
}

3
root/etc/e-smith/templates/etc/postfix/main.cf/61concurency Normal file
View File

@@ -0,0 +1,3 @@
default_destination_concurrency_limit = { $postfix{'ConcurrencyRemote'} || "20"; }
local_destination_concurrency_limit = { $postfix{'ConcurrencyLocal'} || "20"; }

1
root/etc/e-smith/templates/etc/postfix/main.cf/65doublebounce Normal file
View File

@@ -0,0 +1 @@
2bounce_notice_recipient = { $postfix{'DoubleBounceTo'} || "postmaster"; }

1
root/etc/e-smith/templates/etc/postfix/main.cf/65heloname Normal file
View File

@@ -0,0 +1 @@
smtp_helo_name = { $qpsmtpd{HeloHost} || '$myhostname'}

27
root/etc/e-smith/templates/etc/postfix/main.cf/70certificates Normal file
View File

@@ -0,0 +1,27 @@
smtp_tls_cert_file = /etc/postfix/ssl/postfix.pem
smtpd_tls_cert_file = /etc/postfix/ssl/postfix.pem
smtp_tls_note_starttls_offer = yes
{
# see http://www.postfix.org/postconf.5.html#smtp_tls_security_level
# *smtp_use_tls = yes (default no) this is oportunistic deprecated option
# equivalent of smtp_tls_security_level = may
# *smtp_enforce_tls = yes (default no) also deprecated
# would require it and require remote SMTP server hostname matches
# the information in the remote server certificate, and that the remote SMTP server certificate
# was issued by a CA that is trusted by the Postfix SMTP client
}smtp_tls_security_level = {
my $smarthost = $SMTPSmartHost || "off";
my $userid = ${smtp-auth-proxy}{'Userid'} || "";
my $tls_security_level = $postfix{'tls_security_level'} || "may";
$tls_security_level = "encrypt" if ($smarthost ne "off" && $userid ne "");
$OUT = $tls_security_level;
}
smtp_tls_enforce_peername = { (($postfix{'tls_enforce_peername'}||'yes') eq "yes")? 'yes' : 'no'; }
{
# keeping default for this one
# smtp_tls_ciphers = medium
}{
# keeping default for this one
# smtp_tls_protocols = !SSLv2, !SSLv3
# smtp_tls_protocols = >=TLSv1
}smtp_tls_loglevel = 1

15
root/etc/e-smith/templates/etc/postfix/main.cf/75smarthost Normal file
View File

@@ -0,0 +1,15 @@
## SME relay outgoing mails to smarthost
{
my $smarthost = $SMTPSmartHost || "off";
my $userid = ${smtp-auth-proxy}{'Userid'} || "";
my $password = ${smtp-auth-proxy}{'Passwd'} || "";
my $port = ${smtp-auth-proxy}{'PeerPort'} || "25";
return "#Smarthost disabled" unless $smarthost ne "off";
$OUT = "relayhost = [$smarthost]:$port\n";
if ($userid ne "")
{
$OUT .= "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd\n";
$OUT .= "smtp_sasl_security_options = noanonymous\n";
$OUT .= "smtp_sasl_auth_enable = yes\n";
}
}

3
root/etc/e-smith/templates/etc/postfix/master.cf/20smtp
View File

@@ -1,4 +1,5 @@
2525 inet n - n - - smtpd
#2525 inet n - n - - smtpd
# :25 is in use by qpsmtpd
#smtp inet n - n - - smtpd
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd

15
root/etc/e-smith/templates/etc/postfix/sasl_passwd/20smarthost Normal file
View File

@@ -0,0 +1,15 @@
## SME relay outgoing mails to smarthost
{
my $smarthost = $SMTPSmartHost || "off";
my $userid = ${smtp-auth-proxy}{'Userid'} || "";
my $password = ${smtp-auth-proxy}{'Passwd'} || "";
my $port = ${smtp-auth-proxy}{'PeerPort'} || "25";
return "#Smarthost disabled" unless $smarthost ne "off";
$OUT = "";
if ($userid ne "")
{
$OUT .= "[$smarthost]:$port $userid:$password\n";
}
}

11
root/etc/e-smith/templates/etc/postfix/transport/10hosts
View File

@@ -10,15 +10,22 @@
{
my $mail_server = $domain->prop('MailServer')
|| $DelegateMailServer
|| 'localhost';
if ( $mail_server ne 'localhost' )
{
my ($dest,$port) = split(':',$mail_server);
$port = ( $port =~ /^\d+$/)? $port : "25";
$emaildomain = $domain->key;
$OUT .= "\@$emaildomain\t$mail_server\n";
$OUT .= "$emaildomain\t smtp:[$dest]:$port\n";
}
else
{
$emaildomain = $domain->key;
$OUT .= "$emaildomain\t local:\$myhostname\n";
}
}
}

5
root/etc/e-smith/templates/etc/postfix/transport/20smarthost Normal file
View File

@@ -0,0 +1,5 @@
{
my $smarthost = $SMTPSmartHost || "off";
$OUT = "";
$OUT = "# SME relay smarthost is defined in main.cf relayhost variable" if $SMTPSmartHost ne "off";
}

8
root/etc/e-smith/templates/etc/postfix/transport/30delegateMailServer Normal file
View File

@@ -0,0 +1,8 @@
{
return "# no DelegateMailServer, we are using our own smtp" unless (defined $DelegateMailServer and $DelegateMailServer);
my ($dest,$port) = split(':',$DelegateMailServer);
my $port = ( $port =~ /^\d+$/)? $port : "25";
$OUT = "* smtp:[$dest]:$port";
}

25
root/etc/e-smith/templates/etc/postfix/virtual/05system Normal file
View File

@@ -0,0 +1,25 @@
{
# mailer-daemon -> postmaster -> root (via /etc/aliases) and also defined as pseudonyms
# abuse -> root (via /etc/aliases) and also defined as pseudonyms
# postmaster -> root via etc/aliases, and admin via pseudonyms
# TODO handle qmail user alias
}
# SME system users
root admin
{
$OUT = "";
use esmith::AccountsDB;
my $adb = esmith::AccountsDB->open_ro or die "Couldn't open AccountsDB";
for my $acct ($adb->get_all_by_prop(type=>"system"))
{
next if ($acct->key eq "admin");
next if ($acct->key eq "alias");
next if ($acct->key eq "shared");
next if ($acct->key eq "root");
$OUT .= $acct->key . "\t\t\tadmin\n";
}
}

3
root/etc/e-smith/templates/etc/postfix/virtual/06user Normal file
View File

@@ -0,0 +1,3 @@
# SME users
# not needed postfix will map all system users directly

19
root/etc/e-smith/templates/etc/postfix/virtual/10pseudonyms
View File

@@ -1,3 +1,4 @@
# SME pseudonyms
{
my $dms = $DelegateMailServer;
@@ -11,16 +12,16 @@
for my $pseudo ($adb->pseudonyms)
{
#next unless ($pseudo->key =~ /@/);
#next unless ($pseudo->key =~ /@/);
my $account = $pseudo->prop("Account");
$account = "admin" and warn $pseudo->prop("Account") . " is not a valid account, default to admin " unless $adb->get($account);
my $acct = $adb->get($account);
if ($acct->prop('type') eq "group")
{
$account =~ s/\./:/g;
}
my $account = $pseudo->prop("Account");
$account = "admin" and warn $pseudo->prop("Account") . " is not a valid account, default to admin " unless $adb->get($account);
my $acct = $adb->get($account);
if ($acct->prop('type') eq "group")
{
$account =~ s/\./:/g;
}
$OUT .= $pseudo->key . "\t$account\n";
$OUT .= $pseudo->key . "\t\t\t$account\n";
}
}

30
root/etc/e-smith/templates/etc/postfix/virtual/15groups Normal file
View File

@@ -0,0 +1,30 @@
# SME groups
{
# inspired from former /etc/e-smith/events/actions/qmail-update-group
my $adb = esmith::AccountsDB->open_ro or die "Couldn't open AccountsDB";
for my $group ($adb->groups)
{
#next unless ($pseudo->key =~ /@/);
my %properties = $group->props;
my $acct = $group->key;
my @group_members = split(/,/, $properties{Members});
# Check if we should exclude members from this group email address
my @exclude_users = split(/,/, ($properties{EmailExcludeUsers} || ''));
my @exclude_groups = split(/,/, ($properties{EmailExcludeGroups} || ''));
foreach my $exclude_group (@exclude_groups){
my $g = $a->get($exclude_group);
next unless $g;
push @exclude_users, split(/,/, ($g->prop('Members') || ''));
}
my %exclude = map { $_, 1 } @exclude_users;
@exclude_users = keys %exclude;
my @members = ();
foreach my $user (@group_members){
next if grep { $_ eq $user } @exclude_users;
push @members, $user;
}
my $members = join(' ', @members);
$OUT .= "$acct\t\t\t$members\n";
}
}

14
root/etc/e-smith/templates/etc/postfix/virtual/16shared Normal file
View File

@@ -0,0 +1,14 @@
# Shared group
{
use esmith::AccountsDB;
my $a = esmith::AccountsDB->open_ro;
$OUT = "shared\t\t\t";
for my $user ( $a->get('admin'), $a->users )
{
next if ( ($user->prop('EveryoneEmail') || 'yes') eq 'no');
$OUT .= $user->key . " ";
}
}