From 64b3029bcb0a74553d9e913b1eebc2273d46d611 Mon Sep 17 00:00:00 2001
From: La sif serveur <david.beniamine@tetras-libre.fr>
Date: Wed, 31 Jan 2024 16:59:28 +0100
Subject: [PATCH] Fix postfix not sending mails from sympa

---
 docker-compose.yml                            |  5 ++--
 docker/postfix/etc/postfix/main.cf.append     |  4 ++--
 docker/postfix/etc/postfix/master.cf.append   |  8 +++----
 docker/postfix/etc/service/opendkim/log/run   | 10 ++++++++
 docker/postfix/etc/service/opendkim/run       | 24 ++++++++++++++-----
 docker/postfix/etc/service/postfix/run.config |  6 ++---
 .../etc/service/postfix/run.initialization    |  1 -
 docker/postfix/etc/service/saslauthd/run      |  3 +++
 8 files changed, 41 insertions(+), 20 deletions(-)
 create mode 100755 docker/postfix/etc/service/opendkim/log/run
 create mode 100755 docker/postfix/etc/service/saslauthd/run

diff --git a/docker-compose.yml b/docker-compose.yml
index 5f5a918..d85585f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -31,7 +31,6 @@ services:
       REMOTES:
     networks:
       - postfix
-      - default
 
   postfix:
     build: ./docker/postfix
@@ -45,7 +44,9 @@ services:
       - "./log/postfix:/var/log/postfix"
       - "spool_postfix:/var/spool/postfix"
     networks:
-      - postfix
+      postfix:
+        aliases:
+          - postfix_internal_smtp
     environment:
       POSTFIX_VIRTUAL_DOMAINS:
       MAILNAME:
diff --git a/docker/postfix/etc/postfix/main.cf.append b/docker/postfix/etc/postfix/main.cf.append
index 918596d..de7262b 100644
--- a/docker/postfix/etc/postfix/main.cf.append
+++ b/docker/postfix/etc/postfix/main.cf.append
@@ -25,8 +25,8 @@ sympabouncedomain_destination_recipient_limit = 1
 # DKIM
 milter_default_action = accept
 milter_protocol = 6
-smtpd_milters = inet:localhost:8892
-non_smtpd_milters = inet:localhost:8892
+smtpd_milters = inet:127.0.0.1:8891
+non_smtpd_milters = inet:127.0.0.1:8891
 smtpd_client_restrictions = check_client_access cidr:/etc/postfix/sinokorea.cidr
 
 smtpd_use_tls=yes
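Review bot: `milter_default_action = accept`, kept just above the changed lines, makes Postfix fail open when the milter is unreachable, so an address or port mismatch like the one fixed here only shows up as unsigned mail. The new `inet:127.0.0.1:8891` has to stay in step with the `Socket inet:8891@127.0.0.1` line that `service/opendkim/run` appends to `/etc/opendkim.conf`. A comment such as `# must match Socket in opendkim.conf (written by service/opendkim/run)` would record that coupling. If unsigned delivery is not acceptable for these lists, `milter_default_action = tempfail` defers mail instead of sending it without a signature.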
diff --git a/docker/postfix/etc/postfix/master.cf.append b/docker/postfix/etc/postfix/master.cf.append
index d4141ea..26b0640 100644
--- a/docker/postfix/etc/postfix/master.cf.append
+++ b/docker/postfix/etc/postfix/master.cf.append
@@ -14,12 +14,10 @@ sympabounce	unix	-	n	n	-	-	pipe
 sympabouncedomain	unix	-	n	n	-	-	pipe
   -o soft_bounce=yes
   flags=RF user=mailpipe:mailpipe argv=/usr/bin/ssh -i /etc/sympa/shared/id_rsa -o UserKnownHostsFile=/etc/sympa/shared/known_hosts -T sympa@sympa bouncequeue sympa@${domain}
-spamassassin unix -     n       n       -       -       pipe user=spamassassin argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
-submission inet n       -       -       -       -       smtpd
-  -o smtpd_enforce_tls=yes
-  -o smtpd_sasl_auth_enable=yes
-  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+spamassassin unix -     n       n       -       -       pipe
+  user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
 smtps     inet  n       -       -       -       -       smtpd
   -o smtpd_tls_wrappermode=yes
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+  -o content_filter=spamassassin
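Review bot: With `-o content_filter=spamassassin` on `smtps`, a message appears to pass the DKIM milter twice: once on receipt through `smtpd_milters`, and again when `spamc` re-injects it with `/usr/sbin/sendmail`, which is subject to `non_smtpd_milters`. Both settings point at the same OpenDKIM instance in `main.cf.append`, so mail may end up with two signatures, the first one made before the filter ran. If only the post-filter signature is wanted, `-o smtpd_milters=` on the `smtps` entry would skip the first pass; either way a comment stating which pass is expected to sign would help. The hunk also removes the `submission` service, which the commit subject does not mention.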
diff --git a/docker/postfix/etc/service/opendkim/log/run b/docker/postfix/etc/service/opendkim/log/run
new file mode 100755
index 0000000..8cbb823
--- /dev/null
+++ b/docker/postfix/etc/service/opendkim/log/run
@@ -0,0 +1,10 @@
+#!/bin/bash -e
+
+if [ "${LOG_TO_STDOUT}" != "1" ]; then
+  mkdir -p /var/log/opendkim
+  chown nobody:nogroup /var/log/opendkim
+
+  exec chpst -u nobody:nogroup svlogd -tt /var/log/opendkim
+else
+  exec chpst -u nobody:nogroup regex2json "^\\s*(?P<time___time__Stamp>\\S+ \\d+ \\d+:\\d+:\\d+) (?P<host>\\S+) (?P<program>\\S+)\\[(?P<pid___int>\\d+)\\]: (?:(?P<severity___optional>info|warning|error|fatal|panic): )?(?:(?P<id___optional>(?:[0-9A-F]{6,}|[0-9a-zA-Z]{12,})): )?(?P<msg>.+?)\\s*$"
+fi
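Review bot: `#!/bin/bash -e` only applies errexit when the file is executed through its shebang; started as `bash run` the option is lost and a failed `mkdir` or `chown` would no longer stop the script. A plain `#!/bin/bash` followed by `set -e` keeps the behaviour in both cases. The same shebang is used in the new `service/saslauthd/run`.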
diff --git a/docker/postfix/etc/service/opendkim/run b/docker/postfix/etc/service/opendkim/run
index e59351c..236c976 100755
--- a/docker/postfix/etc/service/opendkim/run
+++ b/docker/postfix/etc/service/opendkim/run
@@ -1,20 +1,28 @@
 #!/bin/bash
 sed -i.bak \
-    -e 's/^\(Socket.*local.*$\)/#\1/' \
-    -e 's/^#\(Socket.*inet\)/\1/' \
+    -e 's/^\(Socket.*$\)/#\1/' \
     /etc/opendkim.conf
 
+sed -i \
+    -e 's/^\(SOCKET=.*\)$/#\1/' \
+    /etc/default/opendkim
+
 cat >> /etc/opendkim.conf <<EOF
+Socket                  inet:8891@127.0.0.1
+BaseDirectory           /var/spool/postfix/opendkim/
 KeyTable                /etc/opendkim/KeyTable
 SigningTable            /etc/opendkim/SigningTable
 ExternalIgnoreList      /etc/opendkim/TrustedHosts
 InternalHosts           /etc/opendkim/TrustedHosts
 SenderHeaders             Sender,From,Return-Path
-Syslog yes
-SyslogSuccess Yes
 LogWhy Yes
+Syslog                  no
+SyslogSuccess           no
 EOF
 mkdir -p /etc/opendkim
+#mkdir -p /var/spool/postfix/opendkim
+#chmod 755 /var/spool/postfix/opendkim
+#chown -R opendkim:opendkim /var/spool/postfix/opendkim
 
 # Add docker trusted hosts
 echo "localhost" >> /etc/opendkim/TrustedHosts
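Review bot: `BaseDirectory /var/spool/postfix/opendkim/` is now written to the configuration, but the three lines that would create and chown that directory are added commented out, so nothing in this script guarantees it exists when opendkim starts. Unless the image creates it elsewhere (not visible here), `install -d -o opendkim -g opendkim -m 750 /var/spool/postfix/opendkim` before the `exec` would cover it; otherwise the commented lines are better removed than left as dead code. The here-document is also appended with `>>` on every service start, so a restart within the same container adds a second copy of each setting. The script continues past the end of the hunk.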
@@ -23,8 +31,11 @@ echo "127.0.0.1" >> /etc/opendkim/TrustedHosts
 sleep 10
 for domain in $TRUSTED_HOSTS; do
     echo $domain >> /etc/opendkim/TrustedHosts
-    dig +short $domain >> /etc/opendkim/TrustedHosts
 done
+for net in $MY_NETWORKS; do
+    echo $net >>  /etc/opendkim/TrustedHosts
+done
+
 
 for domain in $MAILNAME $POSTFIX_VIRTUAL_DOMAINS; do
 	keydir="/etc/dkimkeys/$domain"
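Review bot: Every entry of `$MY_NETWORKS` is appended to `TrustedHosts`, which this script configures as both `InternalHosts` and `ExternalIgnoreList`, so any client in those ranges gets its mail signed with the domain keys. That makes the variable a signing-trust boundary that should hold only the relay's own networks; a comment such as `# MY_NETWORKS entries become DKIM InternalHosts: mail from them is signed` would make this visible. The expansion is also unquoted, so `echo $net` undergoes pathname expansion; `printf '%s\n' "$net" >> /etc/opendkim/TrustedHosts` writes the value literally. The `for domain in $MAILNAME …` loop at the end of the hunk continues outside it.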
@@ -38,4 +49,5 @@ for domain in $MAILNAME $POSTFIX_VIRTUAL_DOMAINS; do
 	echo "$domain mail._domainkey.$domain" >> /etc/opendkim/SigningTable
 	echo "$domain" >> /etc/opendkim/TrustedHosts
 done
-exec /usr/sbin/opendkim -f -x /etc/opendkim.conf
+chown -R opendkim:opendkim /etc/dkimkeys/
+exec /usr/sbin/opendkim -v -f -x /etc/opendkim.conf
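Review bot: The `exec` line hands only stdout to the new `opendkim/log/run` service, and the first hunk of this file switches `Syslog` and `SyslogSuccess` to `no`, so signing diagnostics may end up nowhere; `LogWhy Yes` appears to have an effect only while logging is enabled. If opendkim reports on stderr in foreground mode, `exec /usr/sbin/opendkim -v -f -x /etc/opendkim.conf 2>&1` would route it to the logger. Separately, `chown -R opendkim:opendkim /etc/dkimkeys/` fixes ownership but not mode, and the key generation is outside this hunk; `chmod -R u=rwX,go= /etc/dkimkeys/` would keep the private keys unreadable to group and others.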
diff --git a/docker/postfix/etc/service/postfix/run.config b/docker/postfix/etc/service/postfix/run.config
index cdf571a..b415420 100755
--- a/docker/postfix/etc/service/postfix/run.config
+++ b/docker/postfix/etc/service/postfix/run.config
@@ -1,14 +1,12 @@
-cp /etc/postfix/main.cf.orig /etc/postfix/main.cf
-cp /etc/postfix/master.cf.orig /etc/postfix/master.cf
 sed "s/POSTFIX_VIRTUAL_DOMAINS/$POSTFIX_VIRTUAL_DOMAINS/g" /etc/postfix/main.cf.append >> /etc/postfix/main.cf
-cat /etc/postfix/master.cf.orig /etc/postfix/master.cf.append >> /etc/postfix/master.cf
+cat /etc/postfix/master.cf.append >> /etc/postfix/master.cf
 sed -i -e "s@LDAP_HOST@$LDAP_HOST@" \
     -e "s/LDAP_SEARCH_BASE/$LDAP_SEARCH_BASE/" \
     -e "s/LDAP_FILTER/$LDAP_FILTER/" \
     -e "s/LDAP_BIND_DN/$LDAP_BIND_DN/" \
     -e "s/LDAP_BIND_PASSWORD/$LDAP_BIND_PASSWORD/" \
     /etc/saslauthd.conf
-mkdir -p /var/spool/postfix/var/run/saslauthd
+usermod -a -G opendkim postfix
 set +e
 postfix set-permissions
 set -e
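Review bot: `usermod -a -G opendkim postfix` gives the postfix user group access to everything owned by group `opendkim`, which after the `chown -R opendkim:opendkim /etc/dkimkeys/` in `service/opendkim/run` can include the private signing keys if they are group-readable. This commit moves the milter to a TCP socket on 127.0.0.1, so the group membership looks unnecessary and could be dropped. With the two `cp … .orig` lines removed, `main.cf` and `master.cf` are also no longer reset before the `>>` appends, so running this script again in the same container would duplicate the appended settings. The script continues outside the hunk.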
diff --git a/docker/postfix/etc/service/postfix/run.initialization b/docker/postfix/etc/service/postfix/run.initialization
index c240e1b..c710aa3 100755
--- a/docker/postfix/etc/service/postfix/run.initialization
+++ b/docker/postfix/etc/service/postfix/run.initialization
@@ -1,4 +1,3 @@
 if [ -e /etc/sympa/shared/id_rsa ]; then
   chown mailpipe /etc/sympa/shared/id_rsa*
 fi
-saslauthd -c -m /var/spool/postfix/var/run/saslauthd -a ldap -d &
diff --git a/docker/postfix/etc/service/saslauthd/run b/docker/postfix/etc/service/saslauthd/run
new file mode 100755
index 0000000..733d8a8
--- /dev/null
+++ b/docker/postfix/etc/service/saslauthd/run
@@ -0,0 +1,3 @@
+#!/bin/bash -e
+mkdir -p /var/spool/postfix/var/run/saslauthd
+exec saslauthd -c -m /var/spool/postfix/var/run/saslauthd -a ldap -d > /var/log/postfix/saslauthd.log 2>&1
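Review bot: saslauthd is started with `-d` and its output redirected to `/var/log/postfix/saslauthd.log`, a path under the host bind mount shown in `docker-compose.yml`, with no rotation and whatever mode the umask gives. Debug output records authentication attempts, so the file should be size-bounded and access-restricted like other authentication logs. Replacing the redirect with `2>&1` and adding a `saslauthd/log/run` that uses `svlogd`, as done for opendkim, would cover rotation. The socket directory created by `mkdir -p` is likewise left with default permissions; restricting it to the group Postfix's smtpd runs under would limit who can reach the authentication socket.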
-- 
GitLab