* Wed Jan 08 2025 Brian Read <brianr@koozali.org> 1.0-11.sme

- reload-or-restart postfix after pseudonym change [SME: 12863]

README.md

@@ -41,6 +41,7 @@ DONE
 TODO
 * remove from smeserver-mail /usr/local/sbin/smtp-auth-proxy.pl
 * migrate and rewrite code for smtp-auth-proxy properties
+* panel to list / manage queue
 
 FUTURE
 * .foward support, when/if .qmail support is dropped 
@@ -76,6 +77,7 @@ config
 * EmailUnknownUser (default to returntosender)
 
 REFERENCES
+* https://serverfault.com/questions/638152/how-to-remove-postfix-queue-messages-sent-to-a-specific-domain
 * https://unix.stackexchange.com/questions/93197/postfix-configuration-to-verify-all-recipients
 * https://phoenixnap.com/kb/postfix-smtp
 * https://www.gentei.org/~yuuji/software/dotqmail/

createlinks

@@ -14,6 +14,7 @@ foreach (qw(
    transport
    virtual
    sasl_passwd
+   generic
 ))
 {
   templates2events("/etc/postfix/$_", qw(
@@ -213,6 +214,13 @@ safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd
     # files(s) to be backed up
 #));
 
+#--------------------------------------------------
+# actions for pseudonym-{create,delete,modify}
+#--------------------------------------------------
+foreach $event ( qw(pseudonym-create pseudonym-modify pseudonym-delete) )
+{
+    safe_symlink("reload-or-restart", "root/etc/e-smith/events/$event/services2adjust/postfix");
+}
 
 
 

root/etc/e-smith/templates/etc/postfix/generic/10myorigin

@@ -0,0 +1,2 @@
+#change myorigin to local domain for outgoing emails
+@{$SystemName}  @{$DomainName}

root/etc/e-smith/templates/etc/postfix/main.cf/32myorigin

@@ -1,2 +1,7 @@
-myorigin = $mydomain
+{
+# do not put a domain that will be used to recieve emails there
+# if you do so you will lose email with the virtual rewriting process.
+# this will complete local sent email and virtual right hands
+}# do not put real domain there to avoid loop, or catch-all issues
+myorigin = $myhostname
 append_at_myorigin = yes

root/etc/e-smith/templates/etc/postfix/main.cf/45recipients

@@ -1,5 +1,5 @@
 {
 # qmail compatibility - instead of +
 # default empty
-}
-recipient_delimiter = -
+}recipient_delimiter = -
+expand_owner_alias = yes

root/etc/e-smith/templates/etc/postfix/main.cf/50mydestination

@@ -1,5 +1,5 @@
 # SME Primary domain and host: looks up all recipients in /etc/passwd and /etc/aliases
-mydestination = $myhostname $mydomain $myhostname.$mydomain localhost.$mydomain localhost {
+mydestination = $myorigin $myhostname $mydomain $myhostname.$mydomain localhost.$mydomain localhost {
    $OUT = " ";
     my $i = 0;
     use esmith::DomainsDB;

root/etc/e-smith/templates/etc/postfix/main.cf/64luser_relay_catchall

@@ -1,7 +1,5 @@
 {
  # we use the value of EmailUnknownUser (default to returntosender)
- # this option night ignore all virtual_maps entries... like pseudonyms and groups in case of virtual domain
- # see /etc/e-smith/templates//etc/postfix/virtual/95unknownusers
- #return "# we bounce all unknown address $EmailUnknownUser not set or equal to returntosender " unless (defined $EmailUnknownUser and $EmailUnknownUser ne 'returntosender');
- #$OUT ="luser_relay = $EmailUnknownUser";
-}# if enabled, we catch all unknown users in virtual 
+ return "# we bounce all unknown address $EmailUnknownUser not set or equal to returntosender " unless (defined $EmailUnknownUser and $EmailUnknownUser ne 'returntosender');
+ $OUT ="luser_relay = $EmailUnknownUser";
+}

root/etc/e-smith/templates/etc/postfix/main.cf/65heloname

@@ -1 +1 @@
-smtp_helo_name = { $qpsmtpd{HeloHost} || '$myhostname'}
+smtp_helo_name = { $qpsmtpd{HeloHost} || '$mydomain' } 

root/etc/e-smith/templates/etc/postfix/main.cf/70certificates

@@ -11,7 +11,7 @@ smtp_tls_note_starttls_offer = yes
 # was issued by a CA that is trusted by the Postfix SMTP client
 }smtp_tls_security_level = {
   my $smarthost = $SMTPSmartHost || "off";
-  my $userid = ${smtp-auth-proxy}{'Userid'} || "";
+  my $userid = ${'smtp-auth-proxy'}{'Userid'} || "";
   my $tls_security_level = $postfix{'tls_security_level'} || "may";
   $tls_security_level = "encrypt" if ($smarthost ne "off" && $userid ne "");
   $OUT = $tls_security_level;

root/etc/e-smith/templates/etc/postfix/main.cf/75smarthost

@@ -1,9 +1,9 @@
 ## SME relay outgoing mails to smarthost
 {
   my $smarthost = $SMTPSmartHost || "off";
-  my $userid = ${smtp-auth-proxy}{'Userid'} || "";
-  my $password = ${smtp-auth-proxy}{'Passwd'} || "";
-  my $port = ${smtp-auth-proxy}{'PeerPort'} || "25";
+  my $userid = ${'smtp-auth-proxy'}{'Userid'} || "";
+  my $password = ${'smtp-auth-proxy'}{'Passwd'} || "";
+  my $port = ${'smtp-auth-proxy'}{'PeerPort'} || "25";
   return "#Smarthost disabled" unless $smarthost ne "off";
   $OUT = "relayhost = [$smarthost]:$port\n";
   if ($userid ne "") 

root/etc/e-smith/templates/etc/postfix/main.cf/86smtp_generic_maps

@@ -0,0 +1,2 @@
+# rewrite addresse of outgoing emails
+smtp_generic_maps = hash:/etc/postfix/generic

root/etc/e-smith/templates/etc/postfix/sasl_passwd/20smarthost

@@ -1,9 +1,9 @@
 ## SME relay outgoing mails to smarthost
 {
   my $smarthost = $SMTPSmartHost || "off";
-  my $userid = ${smtp-auth-proxy}{'Userid'} || "";
-  my $password = ${smtp-auth-proxy}{'Passwd'} || "";
-  my $port = ${smtp-auth-proxy}{'PeerPort'} || "25";
+  my $userid = ${'smtp-auth-proxy'}{'Userid'} || "";
+  my $password = ${'smtp-auth-proxy'}{'Passwd'} || "";
+  my $port = ${'smtp-auth-proxy'}{'PeerPort'} || "25";
   return "#Smarthost disabled" unless $smarthost ne "off";
   $OUT = "";
   if ($userid ne "")

root/etc/e-smith/templates/etc/postfix/virtual/05system

@@ -15,7 +15,6 @@ root			admin
 
     for my $acct ($adb->get_all_by_prop(type=>"system"))
     {
-      next if ($acct->key eq "admin");
       next if ($acct->key eq "alias");
       next if ($acct->key eq "shared");
       next if ($acct->key eq "root");

root/etc/e-smith/templates/etc/postfix/virtual/06user

@@ -1,2 +1,19 @@
 # SME users
-# not needed postfix will map all system users directly
+{
+    my $dms = $DelegateMailServer;
+
+    return "# DelegateMailServer is set" if ($dms && ($dms !~ /^\s*$/));
+
+    $OUT = "";
+
+    use esmith::AccountsDB;
+
+    my $adb = esmith::AccountsDB->open_ro or die "Couldn't open AccountsDB";
+
+    for my $user ($adb->users)
+    {
+      #next unless ($pseudo->key =~ /@/); <== aliase to emails or catch-all @domain.com are ok
+      $OUT .= $user->key . "\t\t\t".$user->key."\n";
+    }
+}
+

root/etc/e-smith/templates/etc/postfix/virtual/15groups

@@ -25,6 +25,6 @@
 					push @members, $user;
 			}
 			my $members = join(' ', @members);
-      $OUT .= "$acct\t\t\t$members\n";
+      $OUT .= "$acct\t\t\t$members\n" if $members;
    }
 }

root/etc/e-smith/templates/etc/postfix/virtual/95unknownusers

@@ -1,7 +1,8 @@
 {
+   return "" ; #not used
    # as we might have virtualdomains we prefer this over luser_relay
    return "# we bounce all unknown address $EmailUnknownUser not set or equal to returntosender " unless (defined $EmailUnknownUser and $EmailUnknownUser ne 'returntosender');
-   $OUT = "";
+   $OUT = "catch-all";
     my $i = 0;
     use esmith::DomainsDB;
     my $ddb = esmith::DomainsDB->open_ro;

root/sbin/e-smith/systemd/postfix-pre

@@ -2,6 +2,9 @@
 /usr/sbin/e-smith/expand-template /etc/postfix/virtual
 /usr/sbin/e-smith/expand-template /etc/postfix/sasl_passwd
 /usr/sbin/e-smith/expand-template /etc/postfix/transport
+/usr/sbin/e-smith/expand-template /etc/postfix/generic
+/usr/sbin/e-smith/expand-template /etc/postfix/main.cf
+/usr/sbin/e-smith/expand-template /etc/postfix/master.cf
 # sensitive file, we want to be sure.
 touch /etc/postfix/sasl_passwd.db
 chmod 0600 /etc/postfix/sasl_passwd.db
@@ -9,3 +12,4 @@ chown root:root /etc/postfix/sasl_passwd.db
 /usr/sbin/postmap /etc/postfix/virtual
 /usr/sbin/postmap /etc/postfix/sasl_passwd
 /usr/sbin/postmap /etc/postfix/transport
+/usr/sbin/postmap /etc/postfix/generic

root/sbin/e-smith/systemd/postfix-reload

@@ -2,11 +2,16 @@
 /usr/sbin/e-smith/expand-template /etc/postfix/virtual
 /usr/sbin/e-smith/expand-template /etc/postfix/sasl_passwd
 /usr/sbin/e-smith/expand-template /etc/postfix/transport
+/usr/sbin/e-smith/expand-template /etc/postfix/generic
+#TODO /usr/sbin/e-smith/expand-template /etc/postfix/main.cf
+#TODO /usr/sbin/e-smith/expand-template /etc/postfix/master.cf
 # sensitive file, we want to be sure.
 touch /etc/postfix/sasl_passwd.db
 chmod 0600 /etc/postfix/sasl_passwd.db
 chown root:root /etc/postfix/sasl_passwd.db
+/usr/libexec/postfix/aliasesdb
 /usr/sbin/postmap /etc/postfix/virtual
 /usr/sbin/postmap /etc/postfix/sasl_passwd
 /usr/sbin/postmap /etc/postfix/transport
+/usr/sbin/postmap /etc/postfix/generic
 /usr/sbin/postfix reload

smeserver-postfix.spec

@@ -1,6 +1,6 @@
 %define name smeserver-postfix
 %define version 1.0
-%define release 6
+%define release 11
 Summary: This is what smeserver-postfix does.
 Name: %{name}
 Version: %{version}
@@ -24,6 +24,20 @@ AutoReqProv: no
 Koozali SME Server wrapper to configure postfix
 
 %changelog
+* Wed Jan 08 2025 Brian Read <brianr@koozali.org> 1.0-11.sme
+- reload-or-restart postfix after pseudonym change [SME: 12863]
+
+* Sun Dec 29 2024 Brian Read <brianr@koozali.org> 1.0-10.sme
+- Quotes round smtp-auth-proxy in templates for main.cf and sasl-passwd [SME: 12836]
+
+* Mon Dec 23 2024 Jean-Philippe Pialasse <jpp@koozali.org> 1.0-9.sme
+- fix virtual  expected format: key whitespace value for empty group [SME: 12834]
+
+* Fri Dec 20 2024 Jean-Philippe Pialasse <jpp@koozali.org> 1.0-8.sme
+- fix catch-all behaviour [SME: 12382]
+  myorigin now is hostname
+  in case email sent outside by deamon generic rewrite occurs
+
 * Sun Dec 15 2024 Jean-Philippe Pialasse <jpp@koozali.org> 1.0-6.sme
 - add mini-qmail as Message delivery agent  [SME: 12737]
   few other fixes; +x on needed executable files