README.md

@@ -20,11 +20,33 @@ Show list of outstanding bugs:
 Koozali SME Server wrapper to configure postfix
 
 ## Development and testing
+```
+ mkdir -p /etc/e-smith/templates-custom/var/service/{qpsmtpd,sqpsmtpd,uqpsmtpd}/config/peers/{0,local} 
+ echo 'queue/postfix-queue' | tee  /etc/e-smith/templates-custom/var/service/{qpsmtpd,sqpsmtpd,uqpsmtpd}/config/peers/{0,local}/90queue-qmail-queue > /dev/null
+ config setprop qmail status disabled
+ systemctl stop qmail
+ signal-event email-update
+ dnf install smeserver-postfix
+```
+
+
+then test
 ```
  echo "This email confirms that Postfix is working" | mail -s "Testing Posfix" emailuser@example.com
 ```
 or using roundcube/ mail client
 
+
+to remove
+```
+ rm -rf /etc/e-smith/templates-custom/var/service/{qpsmtpd,sqpsmtpd,uqpsmtpd}/config/peers/{0,local}/
+ config setprop qmail status enabled
+ systemctl start qmail
+ signal-event email-update
+ dnf remove smeserver-postfix
+```
+
+
 DONE
 * main domain
 * listen only socket
@@ -34,19 +56,18 @@ DONE
 * .qmail support using mini-qmail + wrapper and seakablepipe
 * maildrop/procmail support directly via .qmail 
 * check /usr/sbin/sendmail -> /etc/alternatives/mta -> /usr/sbin/sendmail.postfix
-* EmailUnknownUser support in virtual 
+* EmailUnknownUser support use luser_relay. if we had virtual domain we could not use it 
 * migrate and remove qmail properties to postfix
-* make a copy of /var/qmail/control/smtproutes to (su)qpsmtpd/config/smtproutes
 
 TODO
 * remove from smeserver-mail /usr/local/sbin/smtp-auth-proxy.pl
 * migrate and rewrite code for smtp-auth-proxy properties
-* panel to list / manage queue
+* make a copy of /var/qmail/control/smtproutes to (su)qpsmtpd/config/smtproutes
 
 FUTURE
 * .foward support, when/if .qmail support is dropped 
+* TODO VirtualMail for domain with catchall and EmailUnknownUser ( we can not use luser_relay if we use virtual_alias 
 * ldap / AD user support
-* throttle for some destination
 
 TO CHECK
     $prop->{Blacklist} = $smtp_proxy_rec->prop('Blacklist') || " ";
@@ -77,7 +98,6 @@ config
 * EmailUnknownUser (default to returntosender)
 
 REFERENCES
-* https://serverfault.com/questions/638152/how-to-remove-postfix-queue-messages-sent-to-a-specific-domain
 * https://unix.stackexchange.com/questions/93197/postfix-configuration-to-verify-all-recipients
 * https://phoenixnap.com/kb/postfix-smtp
 * https://www.gentei.org/~yuuji/software/dotqmail/

createlinks

@@ -14,7 +14,6 @@ foreach (qw(
    transport
    virtual
    sasl_passwd
-   generic
 ))
 {
   templates2events("/etc/postfix/$_", qw(
@@ -214,13 +213,6 @@ safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/uqpsmtpd
     # files(s) to be backed up
 #));
 
-#--------------------------------------------------
-# actions for pseudonym-{create,delete,modify}
-#--------------------------------------------------
-foreach $event ( qw(pseudonym-create pseudonym-modify pseudonym-delete) )
-{
-    safe_symlink("reload-or-restart", "root/etc/e-smith/events/$event/services2adjust/postfix");
-}
 
 
 

root/etc/e-smith/templates/etc/postfix/generic/10myorigin

@@ -1,2 +0,0 @@
-#change myorigin to local domain for outgoing emails
-@{$SystemName}  @{$DomainName}

root/etc/e-smith/templates/etc/postfix/main.cf/32myorigin

@@ -1,7 +1,2 @@
-{
+myorigin = $mydomain
-# do not put a domain that will be used to recieve emails there
-# if you do so you will lose email with the virtual rewriting process.
-# this will complete local sent email and virtual right hands
-}# do not put real domain there to avoid loop, or catch-all issues
-myorigin = $myhostname
 append_at_myorigin = yes

root/etc/e-smith/templates/etc/postfix/main.cf/45recipients

@@ -1,5 +1,5 @@
 {
 # qmail compatibility - instead of +
 # default empty
-}recipient_delimiter = -
+}
-expand_owner_alias = yes
+recipient_delimiter = -

root/etc/e-smith/templates/etc/postfix/main.cf/50mydestination

@@ -1,5 +1,5 @@
 # SME Primary domain and host: looks up all recipients in /etc/passwd and /etc/aliases
-mydestination = $myorigin $myhostname $mydomain $myhostname.$mydomain localhost.$mydomain localhost {
+mydestination = $myhostname $mydomain $myhostname.$mydomain localhost.$mydomain localhost {
    $OUT = " ";
     my $i = 0;
     use esmith::DomainsDB;

root/etc/e-smith/templates/etc/postfix/main.cf/64luser_relay_catchall

@@ -1,5 +1,7 @@
 {
  # we use the value of EmailUnknownUser (default to returntosender)
- return "# we bounce all unknown address $EmailUnknownUser not set or equal to returntosender " unless (defined $EmailUnknownUser and $EmailUnknownUser ne 'returntosender');
+ # this option night ignore all virtual_maps entries... like pseudonyms and groups in case of virtual domain
- $OUT ="luser_relay = $EmailUnknownUser";
+ # see /etc/e-smith/templates//etc/postfix/virtual/95unknownusers
-}
+ #return "# we bounce all unknown address $EmailUnknownUser not set or equal to returntosender " unless (defined $EmailUnknownUser and $EmailUnknownUser ne 'returntosender');
+ #$OUT ="luser_relay = $EmailUnknownUser";
+}# if enabled, we catch all unknown users in virtual 

root/etc/e-smith/templates/etc/postfix/main.cf/65heloname

@@ -1 +1 @@
-smtp_helo_name = { $qpsmtpd{HeloHost} || '$mydomain' } 
+smtp_helo_name = { $qpsmtpd{HeloHost} || '$myhostname'}

root/etc/e-smith/templates/etc/postfix/main.cf/70certificates

@@ -11,7 +11,7 @@ smtp_tls_note_starttls_offer = yes
 # was issued by a CA that is trusted by the Postfix SMTP client
 }smtp_tls_security_level = {
   my $smarthost = $SMTPSmartHost || "off";
-  my $userid = ${'smtp-auth-proxy'}{'Userid'} || "";
+  my $userid = ${smtp-auth-proxy}{'Userid'} || "";
   my $tls_security_level = $postfix{'tls_security_level'} || "may";
   $tls_security_level = "encrypt" if ($smarthost ne "off" && $userid ne "");
   $OUT = $tls_security_level;

root/etc/e-smith/templates/etc/postfix/main.cf/75smarthost

@@ -1,9 +1,9 @@
 ## SME relay outgoing mails to smarthost
 {
   my $smarthost = $SMTPSmartHost || "off";
-  my $userid = ${'smtp-auth-proxy'}{'Userid'} || "";
+  my $userid = ${smtp-auth-proxy}{'Userid'} || "";
-  my $password = ${'smtp-auth-proxy'}{'Passwd'} || "";
+  my $password = ${smtp-auth-proxy}{'Passwd'} || "";
-  my $port = ${'smtp-auth-proxy'}{'PeerPort'} || "25";
+  my $port = ${smtp-auth-proxy}{'PeerPort'} || "25";
   return "#Smarthost disabled" unless $smarthost ne "off";
   $OUT = "relayhost = [$smarthost]:$port\n";
   if ($userid ne "") 

root/etc/e-smith/templates/etc/postfix/main.cf/86smtp_generic_maps

@@ -1,2 +0,0 @@
-# rewrite addresse of outgoing emails
-smtp_generic_maps = hash:/etc/postfix/generic

root/etc/e-smith/templates/etc/postfix/sasl_passwd/20smarthost

@@ -1,9 +1,9 @@
 ## SME relay outgoing mails to smarthost
 {
   my $smarthost = $SMTPSmartHost || "off";
-  my $userid = ${'smtp-auth-proxy'}{'Userid'} || "";
+  my $userid = ${smtp-auth-proxy}{'Userid'} || "";
-  my $password = ${'smtp-auth-proxy'}{'Passwd'} || "";
+  my $password = ${smtp-auth-proxy}{'Passwd'} || "";
-  my $port = ${'smtp-auth-proxy'}{'PeerPort'} || "25";
+  my $port = ${smtp-auth-proxy}{'PeerPort'} || "25";
   return "#Smarthost disabled" unless $smarthost ne "off";
   $OUT = "";
   if ($userid ne "")

root/etc/e-smith/templates/etc/postfix/virtual/05system

@@ -15,6 +15,7 @@ root			admin
 
     for my $acct ($adb->get_all_by_prop(type=>"system"))
     {
+      next if ($acct->key eq "admin");
       next if ($acct->key eq "alias");
       next if ($acct->key eq "shared");
       next if ($acct->key eq "root");

root/etc/e-smith/templates/etc/postfix/virtual/06user

@@ -1,19 +1,2 @@
 # SME users
-{
+# not needed postfix will map all system users directly
-    my $dms = $DelegateMailServer;
-
-    return "# DelegateMailServer is set" if ($dms && ($dms !~ /^\s*$/));
-
-    $OUT = "";
-
-    use esmith::AccountsDB;
-
-    my $adb = esmith::AccountsDB->open_ro or die "Couldn't open AccountsDB";
-
-    for my $user ($adb->users)
-    {
-      #next unless ($pseudo->key =~ /@/); <== aliase to emails or catch-all @domain.com are ok
-      $OUT .= $user->key . "\t\t\t".$user->key."\n";
-    }
-}
-

root/etc/e-smith/templates/etc/postfix/virtual/15groups

@@ -25,6 +25,6 @@
 					push @members, $user;
 			}
 			my $members = join(' ', @members);
-      $OUT .= "$acct\t\t\t$members\n" if $members;
+      $OUT .= "$acct\t\t\t$members\n";
    }
 }

root/etc/e-smith/templates/etc/postfix/virtual/95unknownusers

@@ -1,8 +1,7 @@
 {
-   return "" ; #not used
    # as we might have virtualdomains we prefer this over luser_relay
    return "# we bounce all unknown address $EmailUnknownUser not set or equal to returntosender " unless (defined $EmailUnknownUser and $EmailUnknownUser ne 'returntosender');
-   $OUT = "catch-all";
+   $OUT = "";
     my $i = 0;
     use esmith::DomainsDB;
     my $ddb = esmith::DomainsDB->open_ro;

root/sbin/e-smith/systemd/postfix-pre

@@ -2,9 +2,6 @@
 /usr/sbin/e-smith/expand-template /etc/postfix/virtual
 /usr/sbin/e-smith/expand-template /etc/postfix/sasl_passwd
 /usr/sbin/e-smith/expand-template /etc/postfix/transport
-/usr/sbin/e-smith/expand-template /etc/postfix/generic
-/usr/sbin/e-smith/expand-template /etc/postfix/main.cf
-/usr/sbin/e-smith/expand-template /etc/postfix/master.cf
 # sensitive file, we want to be sure.
 touch /etc/postfix/sasl_passwd.db
 chmod 0600 /etc/postfix/sasl_passwd.db
@@ -12,4 +9,3 @@ chown root:root /etc/postfix/sasl_passwd.db
 /usr/sbin/postmap /etc/postfix/virtual
 /usr/sbin/postmap /etc/postfix/sasl_passwd
 /usr/sbin/postmap /etc/postfix/transport
-/usr/sbin/postmap /etc/postfix/generic

root/sbin/e-smith/systemd/postfix-reload

@@ -2,16 +2,11 @@
 /usr/sbin/e-smith/expand-template /etc/postfix/virtual
 /usr/sbin/e-smith/expand-template /etc/postfix/sasl_passwd
 /usr/sbin/e-smith/expand-template /etc/postfix/transport
-/usr/sbin/e-smith/expand-template /etc/postfix/generic
-#TODO /usr/sbin/e-smith/expand-template /etc/postfix/main.cf
-#TODO /usr/sbin/e-smith/expand-template /etc/postfix/master.cf
 # sensitive file, we want to be sure.
 touch /etc/postfix/sasl_passwd.db
 chmod 0600 /etc/postfix/sasl_passwd.db
 chown root:root /etc/postfix/sasl_passwd.db
-/usr/libexec/postfix/aliasesdb
 /usr/sbin/postmap /etc/postfix/virtual
 /usr/sbin/postmap /etc/postfix/sasl_passwd
 /usr/sbin/postmap /etc/postfix/transport
-/usr/sbin/postmap /etc/postfix/generic
 /usr/sbin/postfix reload

smeserver-postfix.spec

@@ -1,6 +1,6 @@
 %define name smeserver-postfix
 %define version 1.0
-%define release 11
+%define release 5
 Summary: This is what smeserver-postfix does.
 Name: %{name}
 Version: %{version}
@@ -24,21 +24,7 @@ AutoReqProv: no
 Koozali SME Server wrapper to configure postfix
 
 %changelog
-* Wed Jan 08 2025 Brian Read <brianr@koozali.org> 1.0-11.sme
+* Sun Dec 15 2024 Jean-Philippe Pialasse <jpp@koozali.org> 1.0-5.sme
-- reload-or-restart postfix after pseudonym change [SME: 12863]
-
-* Sun Dec 29 2024 Brian Read <brianr@koozali.org> 1.0-10.sme
-- Quotes round smtp-auth-proxy in templates for main.cf and sasl-passwd [SME: 12836]
-
-* Mon Dec 23 2024 Jean-Philippe Pialasse <jpp@koozali.org> 1.0-9.sme
-- fix virtual  expected format: key whitespace value for empty group [SME: 12834]
-
-* Fri Dec 20 2024 Jean-Philippe Pialasse <jpp@koozali.org> 1.0-8.sme
-- fix catch-all behaviour [SME: 12382]
-  myorigin now is hostname
-  in case email sent outside by deamon generic rewrite occurs
-
-* Sun Dec 15 2024 Jean-Philippe Pialasse <jpp@koozali.org> 1.0-6.sme
 - add mini-qmail as Message delivery agent  [SME: 12737]
   few other fixes; +x on needed executable files
   migrate old qmail properties used in postfix
@@ -78,9 +64,9 @@ rm -f %{name}-%{version}-filelist
 /sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
   --file /sbin/e-smith/systemd/postfix-reload 'attr(750,root,root)' \
   --file /sbin/e-smith/systemd/postfix-pre 'attr(750,root,root)' \
-  --file /usr/bin/dotqmail  'attr(0555,root,root)' \
+  --file /usr/bin/dotqmail  'attr(0554,root,root)' \
-  --file /usr/bin/postqmail-local  'attr(0555,root,root)' \
+  --file /usr/bin/postqmail-local  'attr(0554,root,root)' \
-  --file /usr/local/bin/seekablepipe 'attr(0555,root,root)' \
+  --file /usr/local/bin/seekablepipe 'attr(0554,root,root)' \
 > %{name}-%{version}-filelist
 
 %clean