* Sun Nov 02 2025 Jean-Philippe Pialasse <jpp@koozali.org> 1.0-12.sme

- template /etc/aliases [SME: 13262]
- implement postfix delayed delivery notifications [SME: 12854]

README.md

@@ -41,6 +41,7 @@ DONE
 TODO
 * remove from smeserver-mail /usr/local/sbin/smtp-auth-proxy.pl
 * migrate and rewrite code for smtp-auth-proxy properties
+* panel to list / manage queue
 
 FUTURE
 * .foward support, when/if .qmail support is dropped 
@@ -76,6 +77,7 @@ config
 * EmailUnknownUser (default to returntosender)
 
 REFERENCES
+* https://serverfault.com/questions/638152/how-to-remove-postfix-queue-messages-sent-to-a-specific-domain
 * https://unix.stackexchange.com/questions/93197/postfix-configuration-to-verify-all-recipients
 * https://phoenixnap.com/kb/postfix-smtp
 * https://www.gentei.org/~yuuji/software/dotqmail/

createlinks

@@ -14,6 +14,7 @@ foreach (qw(
    transport
    virtual
    sasl_passwd
+   generic
 ))
 {
   templates2events("/etc/postfix/$_", qw(
@@ -213,6 +214,13 @@ safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd
     # files(s) to be backed up
 #));
 
+#--------------------------------------------------
+# actions for pseudonym-{create,delete,modify}
+#--------------------------------------------------
+foreach $event ( qw(pseudonym-create pseudonym-modify pseudonym-delete) )
+{
+    safe_symlink("reload-or-restart", "root/etc/e-smith/events/$event/services2adjust/postfix");
+}
 
 
 

root/etc/e-smith/templates/etc/aliases/00header

@@ -0,0 +1,104 @@
+#
+#  Aliases in this file will NOT be expanded in the header from
+#  Mail, but WILL be visible over networks or from /bin/mail.
+#
+#       >>>>>>>>>>      The program "newaliases" must be run after
+#       >> NOTE >>      this file is updated for any changes to
+#       >>>>>>>>>>      show through to sendmail.
+#
+{
+%aliases = (
+# SME aliases
+'root'=> admin,
+
+# Basic system aliases -- these MUST be present.
+'mailer-daemon'=>  postmaster,
+'postmaster'=>     admin, # for SME, EL default would be root
+
+# General redirections for pseudo accounts.
+'bin'=>            root,
+'daemon'=>         root,
+'adm'=>            root,
+'lp'=>             root,
+'sync'=>           root,
+'shutdown'=>       root,
+'halt'=>           root,
+'mail'=>           root,
+'news'=>           root,
+'uucp'=>           root,
+'operator'=>       root,
+'games'=>          root,
+'gopher'=>         root,
+'ftp'=>            root,
+'nobody'=>         root,
+'radiusd'=>        root,
+'nut'=>            root,
+'dbus'=>           root,
+'vcsa'=>           root,
+'canna'=>          root,
+'wnn'=>            root,
+'rpm'=>            root,
+'nscd'=>           root,
+'pcap'=>           root,
+'apache'=>         root,
+'webalizer'=>      root,
+'dovecot'=>        root,
+'fax'=>            root,
+'quagga'=>         root,
+'radvd'=>          root,
+'pvm'=>            root,
+'amandabackup'=>           root,
+'privoxy'=>        root,
+'ident'=>          root,
+'named'=>          root,
+'xfs'=>            root,
+'gdm'=>            root,
+'mailnull'=>       root,
+'postgres'=>       root,
+'sshd'=>           root,
+'smmsp'=>          root,
+'postfix'=>        root,
+'netdump'=>        root,
+'ldap'=>           root,
+'squid'=>          root,
+'ntp'=>            root,
+'mysql'=>          root,
+'desktop'=>        root,
+'rpcuser'=>        root,
+'rpc'=>            root,
+'nfsnobody'=>      root,
+'pcp'=>            root,
+
+'ingres'=>         root,
+'system'=>         root,
+'toor'=>           root,
+'manager'=>        root,
+'dumper'=>         root,
+'abuse'=>          root,
+
+'newsadm'=>        news,
+'newsadmin'=>      news,
+'usenet'=>         news,
+'ftpadm'=>         ftp,
+'ftpadmin'=>       ftp,
+'ftp-adm'=>        ftp,
+'ftp-admin'=>      ftp,
+'www'=>            webmaster,
+'webmaster'=>      root,
+'noc'=>            root,
+'security'=>       root,
+'hostmaster'=>     root,
+'info'=>           postmaster,
+'marketing'=>      postmaster,
+'sales'=>          postmaster,
+'support'=>        postmaster,
+
+
+# trap decode to catch security attacks
+'decode'=>         root,
+
+# Person who should get root,'s mail
+#'root'=>          marc
+);
+$OUT ="";
+}

root/etc/e-smith/templates/etc/aliases/10aliases

@@ -0,0 +1,16 @@
+{
+use esmith::AccountsDB;
+my $adb = esmith::AccountsDB->open_ro or die "Couldn't open AccountsDB";
+#$hum=$adb->users;
+my @users= map { $_->{key} } ( $adb->users,$adb->pseudonyms,$adb->groups,$adb->get_all_by_prop(type=>"system"),$adb->get_all_by_prop(type=>"ibay")  );
+# do we want ibays, reserved, url, printers ?
+#$OUT .= join(", ", @users), "\n";
+
+my @sorted_keys = sort keys %aliases;
+foreach my $key (@sorted_keys) {
+    $OUT .= "# $key in SME Server accounts db, ignoring " if (grep { $_ eq $key } @users); #if (grep { /$key/ } @users);
+    $OUT .= "$key: $aliases{$key}\n";
+}
+
+
+}

root/etc/e-smith/templates/etc/postfix/generic/10myorigin

@@ -0,0 +1,2 @@
+#change myorigin to local domain for outgoing emails
+@{$SystemName}  @{$DomainName}

root/etc/e-smith/templates/etc/postfix/main.cf/32myorigin

@@ -1,2 +1,7 @@
-myorigin = $mydomain
+{
+# do not put a domain that will be used to recieve emails there
+# if you do so you will lose email with the virtual rewriting process.
+# this will complete local sent email and virtual right hands
+}# do not put real domain there to avoid loop, or catch-all issues
+myorigin = $myhostname
 append_at_myorigin = yes

root/etc/e-smith/templates/etc/postfix/main.cf/45recipients

@@ -1,5 +1,5 @@
 {
 # qmail compatibility - instead of +
 # default empty
-}
-recipient_delimiter = -
+}recipient_delimiter = -
+expand_owner_alias = yes

root/etc/e-smith/templates/etc/postfix/main.cf/50mydestination

@@ -1,5 +1,5 @@
 # SME Primary domain and host: looks up all recipients in /etc/passwd and /etc/aliases
-mydestination = $myhostname $mydomain $myhostname.$mydomain localhost.$mydomain localhost {
+mydestination = $myorigin $myhostname $mydomain $myhostname.$mydomain localhost.$mydomain localhost {
    $OUT = " ";
     my $i = 0;
     use esmith::DomainsDB;

root/etc/e-smith/templates/etc/postfix/main.cf/62delaywarn

@@ -0,0 +1,4 @@
+{
+  my $DelayWarningTime = $postfix{'DelayWarningTime'} || "0h";
+  $OUT = "delay_warning_time = $DelayWarningTime\n";
+}

root/etc/e-smith/templates/etc/postfix/main.cf/64luser_relay_catchall

@@ -1,7 +1,5 @@
 {
  # we use the value of EmailUnknownUser (default to returntosender)
- # this option night ignore all virtual_maps entries... like pseudonyms and groups in case of virtual domain
- # see /etc/e-smith/templates//etc/postfix/virtual/95unknownusers
- #return "# we bounce all unknown address $EmailUnknownUser not set or equal to returntosender " unless (defined $EmailUnknownUser and $EmailUnknownUser ne 'returntosender');
- #$OUT ="luser_relay = $EmailUnknownUser";
-}# if enabled, we catch all unknown users in virtual 
+ return "# we bounce all unknown address $EmailUnknownUser not set or equal to returntosender " unless (defined $EmailUnknownUser and $EmailUnknownUser ne 'returntosender');
+ $OUT ="luser_relay = $EmailUnknownUser";
+}

root/etc/e-smith/templates/etc/postfix/main.cf/65heloname

@@ -1 +1 @@
-smtp_helo_name = { $qpsmtpd{HeloHost} || '$myhostname'}
+smtp_helo_name = { $qpsmtpd{HeloHost} || '$mydomain' } 

root/etc/e-smith/templates/etc/postfix/main.cf/70certificates

@@ -11,7 +11,7 @@ smtp_tls_note_starttls_offer = yes
 # was issued by a CA that is trusted by the Postfix SMTP client
 }smtp_tls_security_level = {
   my $smarthost = $SMTPSmartHost || "off";
-  my $userid = ${smtp-auth-proxy}{'Userid'} || "";
+  my $userid = ${'smtp-auth-proxy'}{'Userid'} || "";
   my $tls_security_level = $postfix{'tls_security_level'} || "may";
   $tls_security_level = "encrypt" if ($smarthost ne "off" && $userid ne "");
   $OUT = $tls_security_level;

root/etc/e-smith/templates/etc/postfix/main.cf/75smarthost

@@ -1,9 +1,9 @@
 ## SME relay outgoing mails to smarthost
 {
   my $smarthost = $SMTPSmartHost || "off";
-  my $userid = ${smtp-auth-proxy}{'Userid'} || "";
-  my $password = ${smtp-auth-proxy}{'Passwd'} || "";
-  my $port = ${smtp-auth-proxy}{'PeerPort'} || "25";
+  my $userid = ${'smtp-auth-proxy'}{'Userid'} || "";
+  my $password = ${'smtp-auth-proxy'}{'Passwd'} || "";
+  my $port = ${'smtp-auth-proxy'}{'PeerPort'} || "25";
   return "#Smarthost disabled" unless $smarthost ne "off";
   $OUT = "relayhost = [$smarthost]:$port\n";
   if ($userid ne "") 

root/etc/e-smith/templates/etc/postfix/main.cf/86smtp_generic_maps

@@ -0,0 +1,2 @@
+# rewrite addresse of outgoing emails
+smtp_generic_maps = hash:/etc/postfix/generic

root/etc/e-smith/templates/etc/postfix/sasl_passwd/20smarthost

@@ -1,9 +1,9 @@
 ## SME relay outgoing mails to smarthost
 {
   my $smarthost = $SMTPSmartHost || "off";
-  my $userid = ${smtp-auth-proxy}{'Userid'} || "";
-  my $password = ${smtp-auth-proxy}{'Passwd'} || "";
-  my $port = ${smtp-auth-proxy}{'PeerPort'} || "25";
+  my $userid = ${'smtp-auth-proxy'}{'Userid'} || "";
+  my $password = ${'smtp-auth-proxy'}{'Passwd'} || "";
+  my $port = ${'smtp-auth-proxy'}{'PeerPort'} || "25";
   return "#Smarthost disabled" unless $smarthost ne "off";
   $OUT = "";
   if ($userid ne "")

root/etc/e-smith/templates/etc/postfix/virtual/05system

@@ -15,7 +15,6 @@ root			admin
 
     for my $acct ($adb->get_all_by_prop(type=>"system"))
     {
-      next if ($acct->key eq "admin");
       next if ($acct->key eq "alias");
       next if ($acct->key eq "shared");
       next if ($acct->key eq "root");

root/etc/e-smith/templates/etc/postfix/virtual/06user

@@ -1,2 +1,19 @@
 # SME users
-# not needed postfix will map all system users directly
+{
+    my $dms = $DelegateMailServer;
+
+    return "# DelegateMailServer is set" if ($dms && ($dms !~ /^\s*$/));
+
+    $OUT = "";
+
+    use esmith::AccountsDB;
+
+    my $adb = esmith::AccountsDB->open_ro or die "Couldn't open AccountsDB";
+
+    for my $user ($adb->users)
+    {
+      #next unless ($pseudo->key =~ /@/); <== aliase to emails or catch-all @domain.com are ok
+      $OUT .= $user->key . "\t\t\t".$user->key."\n";
+    }
+}
+

root/etc/e-smith/templates/etc/postfix/virtual/15groups

@@ -25,6 +25,6 @@
 					push @members, $user;
 			}
 			my $members = join(' ', @members);
-      $OUT .= "$acct\t\t\t$members\n";
+      $OUT .= "$acct\t\t\t$members\n" if $members;
    }
 }

root/etc/e-smith/templates/etc/postfix/virtual/95unknownusers

@@ -1,7 +1,8 @@
 {
+   return "" ; #not used
    # as we might have virtualdomains we prefer this over luser_relay
    return "# we bounce all unknown address $EmailUnknownUser not set or equal to returntosender " unless (defined $EmailUnknownUser and $EmailUnknownUser ne 'returntosender');
-   $OUT = "";
+   $OUT = "catch-all";
     my $i = 0;
     use esmith::DomainsDB;
     my $ddb = esmith::DomainsDB->open_ro;

root/sbin/e-smith/systemd/postfix-pre

@@ -2,6 +2,9 @@
 /usr/sbin/e-smith/expand-template /etc/postfix/virtual
 /usr/sbin/e-smith/expand-template /etc/postfix/sasl_passwd
 /usr/sbin/e-smith/expand-template /etc/postfix/transport
+/usr/sbin/e-smith/expand-template /etc/postfix/generic
+/usr/sbin/e-smith/expand-template /etc/postfix/main.cf
+/usr/sbin/e-smith/expand-template /etc/postfix/master.cf
 # sensitive file, we want to be sure.
 touch /etc/postfix/sasl_passwd.db
 chmod 0600 /etc/postfix/sasl_passwd.db
@@ -9,3 +12,4 @@ chown root:root /etc/postfix/sasl_passwd.db
 /usr/sbin/postmap /etc/postfix/virtual
 /usr/sbin/postmap /etc/postfix/sasl_passwd
 /usr/sbin/postmap /etc/postfix/transport
+/usr/sbin/postmap /etc/postfix/generic

root/sbin/e-smith/systemd/postfix-reload

@@ -2,11 +2,16 @@
 /usr/sbin/e-smith/expand-template /etc/postfix/virtual
 /usr/sbin/e-smith/expand-template /etc/postfix/sasl_passwd
 /usr/sbin/e-smith/expand-template /etc/postfix/transport
+/usr/sbin/e-smith/expand-template /etc/postfix/generic
+#TODO /usr/sbin/e-smith/expand-template /etc/postfix/main.cf
+#TODO /usr/sbin/e-smith/expand-template /etc/postfix/master.cf
 # sensitive file, we want to be sure.
 touch /etc/postfix/sasl_passwd.db
 chmod 0600 /etc/postfix/sasl_passwd.db
 chown root:root /etc/postfix/sasl_passwd.db
+/usr/libexec/postfix/aliasesdb
 /usr/sbin/postmap /etc/postfix/virtual
 /usr/sbin/postmap /etc/postfix/sasl_passwd
 /usr/sbin/postmap /etc/postfix/transport
+/usr/sbin/postmap /etc/postfix/generic
 /usr/sbin/postfix reload

smeserver-postfix.spec

@@ -1,6 +1,6 @@
 %define name smeserver-postfix
 %define version 1.0
-%define release 6
+%define release 12
 Summary: This is what smeserver-postfix does.
 Name: %{name}
 Version: %{version}
@@ -24,6 +24,24 @@ AutoReqProv: no
 Koozali SME Server wrapper to configure postfix
 
 %changelog
+* Sun Nov 02 2025 Jean-Philippe Pialasse <jpp@koozali.org> 1.0-12.sme
+- template /etc/aliases [SME: 13262]
+- implement postfix delayed delivery notifications [SME: 12854]
+
+* Wed Jan 08 2025 Brian Read <brianr@koozali.org> 1.0-11.sme
+- reload-or-restart postfix after pseudonym change [SME: 12863]
+
+* Sun Dec 29 2024 Brian Read <brianr@koozali.org> 1.0-10.sme
+- Quotes round smtp-auth-proxy in templates for main.cf and sasl-passwd [SME: 12836]
+
+* Mon Dec 23 2024 Jean-Philippe Pialasse <jpp@koozali.org> 1.0-9.sme
+- fix virtual  expected format: key whitespace value for empty group [SME: 12834]
+
+* Fri Dec 20 2024 Jean-Philippe Pialasse <jpp@koozali.org> 1.0-8.sme
+- fix catch-all behaviour [SME: 12382]
+  myorigin now is hostname
+  in case email sent outside by deamon generic rewrite occurs
+
 * Sun Dec 15 2024 Jean-Philippe Pialasse <jpp@koozali.org> 1.0-6.sme
 - add mini-qmail as Message delivery agent  [SME: 12737]
   few other fixes; +x on needed executable files