cleanup

2026-01-16 22:16:09 -06:00
parent 5122082914
commit f7fe285200
7 changed files with 251 additions and 95 deletions
--- a/DMS/docker-data/dms/config/postfix-main.cf
+++ b/DMS/docker-data/dms/config/postfix-main.cf
@@ -1,13 +0,0 @@
-# persistente Overrides
-smtp_host_lookup = dns
-smtp_tls_security_level = encrypt
-smtp_tls_note_starttls_offer = yes
-
-# smtp_sasl_auth_enable = yes
-# smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
-# smtp_sasl_security_options = noanonymous
-
-# transport_maps = hash:/etc/postfix/transport
-
-header_checks = pcre:/etc/postfix/header_checks
-smtp_tls_loglevel = 1
--- a/DMS/docker-data/dms/config/postfix/header_checks
+++ b/DMS/docker-data/dms/config/postfix/header_checks
@@ -1,11 +0,0 @@
-# X-SES-CONFIGURATION-SET für ausgehende Mails
-/^Subject:/ PREPEND X-SES-CONFIGURATION-SET: relay-outbound
-
-# === DEBUG SECTION - Logging für Weitergeleitete Mails ===
-/^From:/        WARN Debugging: Original From Header
-/^To:/          WARN Debugging: To Header
-/^Return-Path:/ WARN Debugging: Return-Path
-/^X-Forwarded/  WARN Debugging: Forwarding detected
-
-# Entferne doppelte Delivered-To Headers bei Weiterleitungen
-/^Delivered-To:/  IGNORE
--- a/DMS/docker-data/dms/config/postfix/main.cf.append
+++ b/DMS/docker-data/dms/config/postfix/main.cf.append
@@ -1,3 +1,11 @@
 # Content Filter Configuration
-# Use transport_maps for selective filtering (only locals)
-transport_maps = regexp:/etc/postfix/local_transport_maps
+# Routes local/internal mail through content filter for forwarding and auto-reply
+
+# Use transport_maps for selective filtering
+# Only internal deliveries go through content filter
+# Transport map is auto-generated from postfix-accounts.cf by user-patches.sh
+transport_maps = regexp:/etc/postfix/local_transport_maps
+
+# Optional: If you want ALL local deliveries to go through filter (not recommended)
+# Uncomment this line and comment out transport_maps above:
+# content_filter = smtp:[localhost]:10025
--- a/DMS/docker-data/dms/config/postfix/sasl_passwd
+++ b/DMS/docker-data/dms/config/postfix/sasl_passwd
@@ -1 +0,0 @@
-[email-smtp.us-east-2.amazonaws.com]:587  AKIAU6G......../ARbpotim1m...........
--- a/DMS/docker-data/dms/config/postfix/smtp_header_checks
+++ b/DMS/docker-data/dms/config/postfix/smtp_header_checks
@@ -1,22 +0,0 @@
-# 1. EIGENE DOMAINS SCHÜTZEN (Whitelist)
-# Wenn der Absender @bayarea-cc.com oder @email-srvr.com ist, tue NICHTS (DUNNO).
-# Das Postfix bricht die Prüfung hier ab, die Mail bleibt original.
-/.*@bayarea-cc\.com/   DUNNO
-/.*@email-srvr\.com/   DUNNO
-/.*@andreasknuth\.de/   DUNNO
-# 2. FREMDE DOMAINS UMSCHREIBEN (Rewriting)
-# Nur wenn wir hier ankommen (also keine eigene Domain), schreiben wir um.
-# Ersetzt den Absender durch eine generische Adresse deiner Domain.
-
-# Fall A: Mit Name -> "Name (original@email)" <relay@deine-domain>
-/^From:(.*)\s+<(.*)>/ REPLACE From: "$1 ($2)" <ses@email-srvr.com>
-
-# Fall B: Ohne Name -> "original@email" <relay@deine-domain>
-/^From:\s*([^<>\s]+)$/ REPLACE From: "$1" <ses@email-srvr.com>
-
-# 3. AUFRÄUMEN
-# Return-Path im Header entfernen (verwirrt manche Clients, da SRS den Envelope regelt)
-/^Return-Path:/ IGNORE
-
-# Entferne Sieve-spezifische Headers bei Weiterleitungen
-/^\s*Delivered-To:/              IGNORE
--- a/DMS/docker-data/dms/config/user-patches.sh
+++ b/DMS/docker-data/dms/config/user-patches.sh
@@ -1,4 +1,6 @@
 #!/bin/bash
+# user-patches.sh - Optimized version with dynamic transport_maps generation
+
 set -euo pipefail

 CFG_ROOT="/tmp/docker-mailserver"
@@ -8,8 +10,15 @@ DST_DIR="/etc/postfix"
 echo "[user-patches.sh] Starting Postfix customizations..."

 # Existing patches (header_checks, etc.)
-install -D -m 0644 "$SRC_DIR/header_checks" "$DST_DIR/header_checks"
-install -D -m 0644 "$SRC_DIR/smtp_header_checks" "$DST_DIR/maps/sender_header_filter.pcre"
+if [ -f "$SRC_DIR/header_checks" ]; then
+    install -D -m 0644 "$SRC_DIR/header_checks" "$DST_DIR/header_checks"
+    echo "[user-patches.sh] ✓ header_checks installed"
+fi
+
+if [ -f "$SRC_DIR/smtp_header_checks" ]; then
+    install -D -m 0644 "$SRC_DIR/smtp_header_checks" "$DST_DIR/maps/sender_header_filter.pcre"
+    echo "[user-patches.sh] ✓ smtp_header_checks installed"
+fi

 # NEW: Append content filter configuration to main.cf
 if [ -f "$SRC_DIR/main.cf.append" ]; then
@@ -29,24 +38,79 @@ else
    echo "[user-patches.sh] ⚠ master.cf.append not found, skipping"
 fi

-# NEW: Create and postmap local_transport_maps for selective filtering
-echo "[user-patches.sh] Creating local_transport_maps..."
-install -D -m 0644 /dev/null "$DST_DIR/local_transport_maps"
-cat > "$DST_DIR/local_transport_maps" << 'EOF'
-# Filter only local/internal deliveries (adjust to your domains)
-/^.*@example\.com$/   smtp:[localhost]:10025  # Replace with your domains, e.g. /^.*@andreasknuth\.de$/
-/^.*@another-domain\.com$/   smtp:[localhost]:10025
+# NEW: Generate local_transport_maps dynamically from postfix-accounts.cf
+echo "[user-patches.sh] Generating local_transport_maps..."
+
+TRANSPORT_MAP="$DST_DIR/local_transport_maps"
+ACCOUNTS_FILE="$CFG_ROOT/postfix-accounts.cf"
+
+# Create empty transport map
+> "$TRANSPORT_MAP"
+
+if [ -f "$ACCOUNTS_FILE" ]; then
+    # Extract unique domains from postfix-accounts.cf
+    # Format of postfix-accounts.cf: user@domain.com|{PLAIN}password
+    
+    echo "# Auto-generated transport map for content filter" >> "$TRANSPORT_MAP"
+    echo "# Generated at: $(date)" >> "$TRANSPORT_MAP"
+    echo "" >> "$TRANSPORT_MAP"
+    
+    # Extract domains and create regex patterns
+    awk -F'@|\\|' '{print $2}' "$ACCOUNTS_FILE" | \
+        sort -u | \
+        while read -r domain; do
+            if [ -n "$domain" ]; then
+                # Escape dots for regex
+                escaped_domain=$(echo "$domain" | sed 's/\./\\./g')
+                echo "/^.*@${escaped_domain}\$/ smtp:[localhost]:10025" >> "$TRANSPORT_MAP"
+                echo "[user-patches.sh]   - Added filter for: $domain"
+            fi
+        done
+    
+    # Compile the map
+    if [ -s "$TRANSPORT_MAP" ]; then
+        postmap "$TRANSPORT_MAP"
+        echo "[user-patches.sh] ✓ local_transport_maps created with $(grep -c '^/' "$TRANSPORT_MAP" || echo 0) domains"
+    else
+        echo "[user-patches.sh] ⚠ No domains found in $ACCOUNTS_FILE"
+    fi
+else
+    echo "[user-patches.sh] ⚠ $ACCOUNTS_FILE not found, creating minimal transport_maps"
+    
+    # Fallback: Create minimal config
+    cat > "$TRANSPORT_MAP" << 'EOF'
+# Minimal transport map - edit manually or populate postfix-accounts.cf
+# Format: /^.*@domain\.com$/ smtp:[localhost]:10025
+
+# Example (replace with your domains):
+# /^.*@example\.com$/ smtp:[localhost]:10025
+# /^.*@another\.com$/ smtp:[localhost]:10025
 EOF
-postmap "$DST_DIR/local_transport_maps"
-echo "[user-patches.sh] ✓ local_transport_maps created and mapped"
+    postmap "$TRANSPORT_MAP"
+fi

 # Verify content filter script exists and is executable
 if [ -x "/usr/local/bin/content_filter.py" ]; then
    echo "[user-patches.sh] ✓ Content filter script found"
+    
+    # Test Python dependencies
+    if python3 -c "import boto3" 2>/dev/null; then
+        echo "[user-patches.sh] ✓ boto3 installed"
+    else
+        echo "[user-patches.sh] ⚠ WARNING: boto3 not installed!"
+    fi
 else
    echo "[user-patches.sh] ⚠ WARNING: content_filter.py not found or not executable!"
 fi

+# Create log file if it doesn't exist
+if [ ! -f "/var/log/mail/content_filter.log" ]; then
+    touch /var/log/mail/content_filter.log
+    chown mail:mail /var/log/mail/content_filter.log
+    chmod 644 /var/log/mail/content_filter.log
+    echo "[user-patches.sh] ✓ Created content_filter.log"
+fi
+
 echo "[user-patches.sh] Postfix customizations complete"

 # Postfix neu laden (nachdem docker-mailserver seine eigene Konfig geladen hat)
				`@@ -1 +0,0 @@`
				`[email-smtp.us-east-2.amazonaws.com]:587 AKIAU6G......../ARbpotim1m...........`