* Fri Dec 20 2024 Jean-Philippe Pialasse <jpp@koozali.org> 1.0-8.sme

- fix catch-all behaviour [SME: 12382]
  myorigin now is hostname
  in case email sent outside by deamon generic rewrite occurs

README.md

@@ -20,33 +20,11 @@ Show list of outstanding bugs:
 Koozali SME Server wrapper to configure postfix
 
 ## Development and testing
-```
- mkdir -p /etc/e-smith/templates-custom/var/service/{qpsmtpd,sqpsmtpd,uqpsmtpd}/config/peers/{0,local} 
- echo 'queue/postfix-queue' | tee  /etc/e-smith/templates-custom/var/service/{qpsmtpd,sqpsmtpd,uqpsmtpd}/config/peers/{0,local}/90queue-qmail-queue > /dev/null
- config setprop qmail status disabled
- systemctl stop qmail
- signal-event email-update
- dnf install smeserver-postfix
-```
-
-
-then test
 ```
  echo "This email confirms that Postfix is working" | mail -s "Testing Posfix" emailuser@example.com
 ```
 or using roundcube/ mail client
 
-
-to remove
-```
- rm -rf /etc/e-smith/templates-custom/var/service/{qpsmtpd,sqpsmtpd,uqpsmtpd}/config/peers/{0,local}/
- config setprop qmail status enabled
- systemctl start qmail
- signal-event email-update
- dnf remove smeserver-postfix
-```
-
-
 DONE
 * main domain
 * listen only socket
@@ -56,18 +34,19 @@ DONE
 * .qmail support using mini-qmail + wrapper and seakablepipe
 * maildrop/procmail support directly via .qmail 
 * check /usr/sbin/sendmail -> /etc/alternatives/mta -> /usr/sbin/sendmail.postfix
-* EmailUnknownUser support use luser_relay. if we had virtual domain we could not use it 
+* EmailUnknownUser support in virtual 
 * migrate and remove qmail properties to postfix
+* make a copy of /var/qmail/control/smtproutes to (su)qpsmtpd/config/smtproutes
 
 TODO
 * remove from smeserver-mail /usr/local/sbin/smtp-auth-proxy.pl
 * migrate and rewrite code for smtp-auth-proxy properties
-* make a copy of /var/qmail/control/smtproutes to (su)qpsmtpd/config/smtproutes
+* panel to list / manage queue
 
 FUTURE
 * .foward support, when/if .qmail support is dropped 
-* TODO VirtualMail for domain with catchall and EmailUnknownUser ( we can not use luser_relay if we use virtual_alias 
 * ldap / AD user support
+* throttle for some destination
 
 TO CHECK
     $prop->{Blacklist} = $smtp_proxy_rec->prop('Blacklist') || " ";
@@ -98,6 +77,7 @@ config
 * EmailUnknownUser (default to returntosender)
 
 REFERENCES
+* https://serverfault.com/questions/638152/how-to-remove-postfix-queue-messages-sent-to-a-specific-domain
 * https://unix.stackexchange.com/questions/93197/postfix-configuration-to-verify-all-recipients
 * https://phoenixnap.com/kb/postfix-smtp
 * https://www.gentei.org/~yuuji/software/dotqmail/

createlinks

@@ -14,6 +14,7 @@ foreach (qw(
    transport
    virtual
    sasl_passwd
+   generic
 ))
 {
   templates2events("/etc/postfix/$_", qw(

root/etc/e-smith/templates/etc/postfix/generic/10myorigin

@@ -0,0 +1,2 @@
+#change myorigin to local domain for outgoing emails
+@{$SystemName}  @{$DomainName}

root/etc/e-smith/templates/etc/postfix/main.cf/32myorigin

@@ -1,2 +1,7 @@
-myorigin = $mydomain
+{
+# do not put a domain that will be used to recieve emails there
+# if you do so you will lose email with the virtual rewriting process.
+# this will complete local sent email and virtual right hands
+}# do not put real domain there to avoid loop, or catch-all issues
+myorigin = $myhostname
 append_at_myorigin = yes

root/etc/e-smith/templates/etc/postfix/main.cf/45recipients

@@ -1,5 +1,5 @@
 {
 # qmail compatibility - instead of +
 # default empty
-}
-recipient_delimiter = -
+}recipient_delimiter = -
+expand_owner_alias = yes

root/etc/e-smith/templates/etc/postfix/main.cf/50mydestination

@@ -1,5 +1,5 @@
 # SME Primary domain and host: looks up all recipients in /etc/passwd and /etc/aliases
-mydestination = $myhostname $mydomain $myhostname.$mydomain localhost.$mydomain localhost {
+mydestination = $myorigin $myhostname $mydomain $myhostname.$mydomain localhost.$mydomain localhost {
    $OUT = " ";
     my $i = 0;
     use esmith::DomainsDB;

root/etc/e-smith/templates/etc/postfix/main.cf/64luser_relay_catchall

@@ -1,7 +1,5 @@
 {
  # we use the value of EmailUnknownUser (default to returntosender)
- # this option night ignore all virtual_maps entries... like pseudonyms and groups in case of virtual domain
- # see /etc/e-smith/templates//etc/postfix/virtual/95unknownusers
- #return "# we bounce all unknown address $EmailUnknownUser not set or equal to returntosender " unless (defined $EmailUnknownUser and $EmailUnknownUser ne 'returntosender');
- #$OUT ="luser_relay = $EmailUnknownUser";
-}# if enabled, we catch all unknown users in virtual 
+ return "# we bounce all unknown address $EmailUnknownUser not set or equal to returntosender " unless (defined $EmailUnknownUser and $EmailUnknownUser ne 'returntosender');
+ $OUT ="luser_relay = $EmailUnknownUser";
+}

root/etc/e-smith/templates/etc/postfix/main.cf/65heloname

@@ -1 +1 @@
-smtp_helo_name = { $qpsmtpd{HeloHost} || '$myhostname'}
+smtp_helo_name = { $qpsmtpd{HeloHost} || '$mydomain' } 

root/etc/e-smith/templates/etc/postfix/main.cf/86smtp_generic_maps

@@ -0,0 +1,2 @@
+# rewrite addresse of outgoing emails
+smtp_generic_maps = hash:/etc/postfix/generic

root/etc/e-smith/templates/etc/postfix/virtual/05system

@@ -15,7 +15,6 @@ root			admin
 
     for my $acct ($adb->get_all_by_prop(type=>"system"))
     {
-      next if ($acct->key eq "admin");
       next if ($acct->key eq "alias");
       next if ($acct->key eq "shared");
       next if ($acct->key eq "root");

root/etc/e-smith/templates/etc/postfix/virtual/06user

@@ -1,2 +1,19 @@
 # SME users
-# not needed postfix will map all system users directly
+{
+    my $dms = $DelegateMailServer;
+
+    return "# DelegateMailServer is set" if ($dms && ($dms !~ /^\s*$/));
+
+    $OUT = "";
+
+    use esmith::AccountsDB;
+
+    my $adb = esmith::AccountsDB->open_ro or die "Couldn't open AccountsDB";
+
+    for my $user ($adb->users)
+    {
+      #next unless ($pseudo->key =~ /@/); <== aliase to emails or catch-all @domain.com are ok
+      $OUT .= $user->key . "\t\t\t".$user->key."\n";
+    }
+}
+

root/etc/e-smith/templates/etc/postfix/virtual/95unknownusers

@@ -1,7 +1,8 @@
 {
+   return "" ; #not used
    # as we might have virtualdomains we prefer this over luser_relay
    return "# we bounce all unknown address $EmailUnknownUser not set or equal to returntosender " unless (defined $EmailUnknownUser and $EmailUnknownUser ne 'returntosender');
-   $OUT = "";
+   $OUT = "catch-all";
     my $i = 0;
     use esmith::DomainsDB;
     my $ddb = esmith::DomainsDB->open_ro;

root/sbin/e-smith/systemd/postfix-pre

@@ -2,6 +2,9 @@
 /usr/sbin/e-smith/expand-template /etc/postfix/virtual
 /usr/sbin/e-smith/expand-template /etc/postfix/sasl_passwd
 /usr/sbin/e-smith/expand-template /etc/postfix/transport
+/usr/sbin/e-smith/expand-template /etc/postfix/generic
+/usr/sbin/e-smith/expand-template /etc/postfix/main.cf
+/usr/sbin/e-smith/expand-template /etc/postfix/master.cf
 # sensitive file, we want to be sure.
 touch /etc/postfix/sasl_passwd.db
 chmod 0600 /etc/postfix/sasl_passwd.db
@@ -9,3 +12,4 @@ chown root:root /etc/postfix/sasl_passwd.db
 /usr/sbin/postmap /etc/postfix/virtual
 /usr/sbin/postmap /etc/postfix/sasl_passwd
 /usr/sbin/postmap /etc/postfix/transport
+/usr/sbin/postmap /etc/postfix/generic

root/sbin/e-smith/systemd/postfix-reload

@@ -2,11 +2,16 @@
 /usr/sbin/e-smith/expand-template /etc/postfix/virtual
 /usr/sbin/e-smith/expand-template /etc/postfix/sasl_passwd
 /usr/sbin/e-smith/expand-template /etc/postfix/transport
+/usr/sbin/e-smith/expand-template /etc/postfix/generic
+#TODO /usr/sbin/e-smith/expand-template /etc/postfix/main.cf
+#TODO /usr/sbin/e-smith/expand-template /etc/postfix/master.cf
 # sensitive file, we want to be sure.
 touch /etc/postfix/sasl_passwd.db
 chmod 0600 /etc/postfix/sasl_passwd.db
 chown root:root /etc/postfix/sasl_passwd.db
+/usr/libexec/postfix/aliasesdb
 /usr/sbin/postmap /etc/postfix/virtual
 /usr/sbin/postmap /etc/postfix/sasl_passwd
 /usr/sbin/postmap /etc/postfix/transport
+/usr/sbin/postmap /etc/postfix/generic
 /usr/sbin/postfix reload

smeserver-postfix.spec

@@ -1,6 +1,6 @@
 %define name smeserver-postfix
 %define version 1.0
-%define release 5
+%define release 8
 Summary: This is what smeserver-postfix does.
 Name: %{name}
 Version: %{version}
@@ -24,7 +24,12 @@ AutoReqProv: no
 Koozali SME Server wrapper to configure postfix
 
 %changelog
-* Sun Dec 15 2024 Jean-Philippe Pialasse <jpp@koozali.org> 1.0-5.sme
+* Fri Dec 20 2024 Jean-Philippe Pialasse <jpp@koozali.org> 1.0-8.sme
+- fix catch-all behaviour [SME: 12382]
+  myorigin now is hostname
+  in case email sent outside by deamon generic rewrite occurs
+
+* Sun Dec 15 2024 Jean-Philippe Pialasse <jpp@koozali.org> 1.0-6.sme
 - add mini-qmail as Message delivery agent  [SME: 12737]
   few other fixes; +x on needed executable files
   migrate old qmail properties used in postfix
@@ -64,9 +69,9 @@ rm -f %{name}-%{version}-filelist
 /sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
   --file /sbin/e-smith/systemd/postfix-reload 'attr(750,root,root)' \
   --file /sbin/e-smith/systemd/postfix-pre 'attr(750,root,root)' \
-  --file /usr/bin/dotqmail  'attr(0554,root,root)' \
-  --file /usr/bin/postqmail-local  'attr(0554,root,root)' \
-  --file /usr/local/bin/seekablepipe 'attr(0554,root,root)' \
+  --file /usr/bin/dotqmail  'attr(0555,root,root)' \
+  --file /usr/bin/postqmail-local  'attr(0555,root,root)' \
+  --file /usr/local/bin/seekablepipe 'attr(0555,root,root)' \
 > %{name}-%{version}-filelist
 
 %clean