DMS update

DMS/docker-data/dms/config/postfix-main.cf

@@ -0,0 +1,13 @@
+# persistente Overrides
+smtp_host_lookup = dns
+smtp_tls_security_level = encrypt
+smtp_tls_note_starttls_offer = yes
+
+# smtp_sasl_auth_enable = yes
+# smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+# smtp_sasl_security_options = noanonymous
+
+# transport_maps = hash:/etc/postfix/transport
+
+header_checks = pcre:/etc/postfix/header_checks
+smtp_tls_loglevel = 1

DMS/docker-data/dms/config/postfix/header_checks

@@ -0,0 +1,11 @@
+# X-SES-CONFIGURATION-SET für ausgehende Mails
+/^Subject:/ PREPEND X-SES-CONFIGURATION-SET: relay-outbound
+
+# === DEBUG SECTION - Logging für Weitergeleitete Mails ===
+/^From:/        WARN Debugging: Original From Header
+/^To:/          WARN Debugging: To Header
+/^Return-Path:/ WARN Debugging: Return-Path
+/^X-Forwarded/  WARN Debugging: Forwarding detected
+
+# Entferne doppelte Delivered-To Headers bei Weiterleitungen
+/^Delivered-To:/  IGNORE

DMS/docker-data/dms/config/postfix/sasl_passwd

@@ -0,0 +1 @@
+[email-smtp.us-east-2.amazonaws.com]:587  AKIAU6G......../ARbpotim1m...........

DMS/docker-data/dms/config/postfix/smtp_header_checks

@@ -0,0 +1,22 @@
+# 1. EIGENE DOMAINS SCHÜTZEN (Whitelist)
+# Wenn der Absender @bayarea-cc.com oder @email-srvr.com ist, tue NICHTS (DUNNO).
+# Das Postfix bricht die Prüfung hier ab, die Mail bleibt original.
+/.*@bayarea-cc\.com/   DUNNO
+/.*@email-srvr\.com/   DUNNO
+/.*@andreasknuth\.de/   DUNNO
+# 2. FREMDE DOMAINS UMSCHREIBEN (Rewriting)
+# Nur wenn wir hier ankommen (also keine eigene Domain), schreiben wir um.
+# Ersetzt den Absender durch eine generische Adresse deiner Domain.
+
+# Fall A: Mit Name -> "Name (original@email)" <relay@deine-domain>
+/^From:(.*)\s+<(.*)>/ REPLACE From: "$1 ($2)" <ses@email-srvr.com>
+
+# Fall B: Ohne Name -> "original@email" <relay@deine-domain>
+/^From:\s*([^<>\s]+)$/ REPLACE From: "$1" <ses@email-srvr.com>
+
+# 3. AUFRÄUMEN
+# Return-Path im Header entfernen (verwirrt manche Clients, da SRS den Envelope regelt)
+/^Return-Path:/ IGNORE
+
+# Entferne Sieve-spezifische Headers bei Weiterleitungen
+/^\s*Delivered-To:/              IGNORE

DMS/docker-data/dms/config/postfix/transport

@@ -0,0 +1,10 @@
+outlook.com     smtp:[email-smtp.us-east-2.amazonaws.com]:587
+.outlook.com    smtp:[email-smtp.us-east-2.amazonaws.com]:587
+live.com        smtp:[email-smtp.us-east-2.amazonaws.com]:587
+.live.com       smtp:[email-smtp.us-east-2.amazonaws.com]:587
+msn.com         smtp:[email-smtp.us-east-2.amazonaws.com]:587
+.msn.com        smtp:[email-smtp.us-east-2.amazonaws.com]:587
+hotmail.com     smtp:[email-smtp.us-east-2.amazonaws.com]:587
+.hotmail.com    smtp:[email-smtp.us-east-2.amazonaws.com]:587
+iitwelders.com     smtp:[email-smtp.us-east-2.amazonaws.com]:587
+.iitwelderstp:[email-smtp.us-east-2.amazonaws.com]:587

DMS/docker-data/dms/config/user-patches.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+set -euo pipefail
+
+CFG_ROOT="/tmp/docker-mailserver"
+SRC_DIR="$CFG_ROOT/postfix"
+DST_DIR="/etc/postfix"
+
+# Dateien nach /etc/postfix kopieren (oder aktualisieren)
+# install -D -m 0644 "$SRC_DIR/transport"   "$DST_DIR/transport"
+# install -D -m 0600 "$SRC_DIR/sasl_passwd" "$DST_DIR/sasl_passwd"
+install -D -m 0644 "$SRC_DIR/header_checks"  "$DST_DIR/header_checks"
+install -D -m 0644 "$SRC_DIR/smtp_header_checks" "$DST_DIR/maps/sender_header_filter.pcre"
+
+# Maps bauen
+# postmap "$DST_DIR/transport"
+# postmap "$DST_DIR/sasl_passwd"
+
+# Rechte auf die .db-Helferdatei
+# chmod 600 "$DST_DIR/sasl_passwd.db" || true
+
+# rm -f /etc/dovecot/conf.d/95-sieve-redirect.conf
+
+# Postfix neu laden (nachdem docker-mailserver seine eigene Konfig geladen hat)
+postfix reload || true