Bug 44473 - Include "main.cf.local" in /etc/postfix/main.cf
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Mail
UCS 4.2
Other Linux
: P5 enhancement (vote)
: UCS 4.2-3-errata
Assigned To: Daniel Tröder
Sönke Schwardt-Krummrich
Reported: 2017-04-26 22:29 CEST by Sönke Schwardt-Krummrich
Modified: 2018-02-14 13:31 CET (History)
What kind of report is it?: Feature Request
Description Sönke Schwardt-Krummrich univentionstaff 2017-04-26 22:29:36 CEST
We should consider including "/etc/postfix/main.cf.local" in "/etc/postfix/main.cf" if the file exists. This way, customers would be able to add custom postfix options in a simple way without the fear that the custom changes are overwritten during the next (package|system) update.
Comment 1 Daniel Tröder univentionstaff 2017-04-27 09:19:42 CEST
OK: just tested: if a setting exists twice, the last one overwrites the first and a warning is issued:



root@ucs26:/etc/postfix# grep message_size_limit main.cf
message_size_limit = 10240000
message_size_limit = 22240000
message_size_limit = 33240000

root@ucs26:/etc/postfix# postconf | grep message_size_limit
postconf: warning: /etc/postfix/main.cf, line 18: overriding earlier entry: message_size_limit=10240000
postconf: warning: /etc/postfix/main.cf, line 26: overriding earlier entry: message_size_limit=22240000
message_size_limit = 33240000

root@ucs26:/etc/postfix# systemctl restart postfix.service 
root@ucs26:/etc/postfix# systemctl status postfix.service 

[..]

Apr 27 09:18:53 ucs26 systemd[1]: Started LSB: start and stop the Postfix Mail Transport Agent.
Apr 27 09:18:53 ucs26 postfix/master[11577]: daemon started -- version 2.11.3, configuration /etc/postfix
Apr 27 09:18:53 ucs26 postfix/qmgr[11579]: warning: /etc/postfix/main.cf, line 18: overriding earlier entry: message_size_limit=10240000
Apr 27 09:18:53 ucs26 postfix/qmgr[11579]: warning: /etc/postfix/main.cf, line 26: overriding earlier entry: message_size_limit=22240000
Apr 27 09:18:53 ucs26 postfix/pickup[11578]: warning: /etc/postfix/main.cf, line 18: overriding earlier entry: message_size_limit=10240000
Apr 27 09:18:53 ucs26 postfix/pickup[11578]: warning: /etc/postfix/main.cf, line 26: overriding earlier entry: message_size_limit=22240000
Comment 2 Daniel Tröder univentionstaff 2017-06-21 08:27:50 CEST
Another request that could be satisfied by this: https://forge.univention.org/bugzilla/show_bug.cgi?id=44473
Comment 3 Daniel Tröder univentionstaff 2017-06-26 09:07:52 CEST
Happened, because we don't have this: https://help.univention.com/t/postfix-smtp-stopped-after-errata-49/5986/11
Comment 4 Philipp Hahn univentionstaff 2017-07-25 08:37:16 CEST
Another one: <https://help.univention.com/t/writing-entries-into-etc-postfix-virtual/6241>
Comment 5 Daniel Tröder univentionstaff 2017-09-15 10:52:06 CEST
master.cf also supports duplicate lines, using the last one found. So support was added for both files: /etc/postfix/{main,master}.cf.local

The postinst will create those files (empty) if they do not exist.
Non-existing and empty files will be ignored by the template.


Code: 327e46d..1ffbbc7
Advisory: 1ffbbc7..1b00d50

Package: univention-mail-postfix
Version: 11.0.1-17A~4.2.0.201709151041
Branch: ucs_4.2-0
Scope: errata4.2-2
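Added example (not part of the bug report or of univention-mail-postfix): a small audit that applies the "last entry wins" behaviour shown in comment 1 to a generated main.cf followed by the contents of main.cf.local, and lists every generated setting the local file overrides. It assumes the template places the local file's contents after the generated settings; the sample values and the names logical_lines and effective are constructed for illustration.

```python
# Added example: models the "last entry wins" rule for main.cf so that
# settings overridden by main.cf.local can be reviewed after an update.
import re

def logical_lines(text):
    """Yield (line_no, logical_line) using main.cf syntax: blank and '#'
    lines are skipped; a line starting with whitespace continues an entry."""
    current, start = None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
            continue
        if current is not None:
            yield start, current
        current, start = raw.strip(), no
    if current is not None:
        yield start, current

def effective(text):
    """Return (settings, overrides). Each override mirrors the postconf
    warning: (line of the later entry, name, earlier value discarded)."""
    settings, overrides = {}, []
    for no, line in logical_lines(text):
        m = re.match(r"([^\s=]+)\s*=\s*(.*)$", line)
        if not m:
            continue  # not a "name = value" entry
        name, value = m.group(1), m.group(2)
        if name in settings:
            overrides.append((no, name, settings[name]))
        settings[name] = value
    return settings, overrides

# Constructed sample input: generated settings, then the local file
# (assumption: the template emits the local file after the generated part).
GENERATED = "message_size_limit = 10240000\nsmtpd_tls_security_level = may\n"
LOCAL = ("# site overrides\n"
         "message_size_limit = 33240000\n"
         "mynetworks = 127.0.0.0/8\n"
         "    10.0.0.0/8\n")

if __name__ == "__main__":
    settings, overrides = effective(GENERATED + LOCAL)
    for no, name, old in overrides:
        print(f"line {no}: overriding earlier entry: {name}={old}")
    print("effective message_size_limit =", settings["message_size_limit"])
```

Reviewing the overrides list after each update shows which packaged defaults, including TLS or relay settings, a local file has replaced.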
Comment 6 Sönke Schwardt-Krummrich univentionstaff 2017-09-19 21:58:53 CEST
Cannot test this. listfilter seems to be broken on my OX system:

root@master50:/etc/postfix# ucr search mail/postfix/policy/listfilter
mail/postfix/policy/listfilter/debug: yes
mail/postfix/policy/listfilter/maxproc: <empty>
mail/postfix/policy/listfilter/use_sasl_username: yes
mail/postfix/policy/listfilter: yes

User uid=foobar uses foobar@nstx.local as mailPrimaryAddress:

swaks -s 10.200.18.50 -t grp1@nstx.local -tlsc -p 465 \
                                        -au foobar@nstx.local -ap univention
→
Aug 12 14:52:26 master50 postfix/smtpd[9392]: connect from unknown[10.205.2.20]
Aug 12 14:52:26 master50 listfilter[9398]: listfilter: sender='foobar@nstx.local' recipient='grp1@nstx.local' check_sasl_username=True
Aug 12 14:52:26 master50 listfilter[9398]: listfilter: attrib={'reverse_client_name': 'unknown', 'queue_id': '', 'ccert_subject': '', 'sasl_sender': '', 'protocol_state': 'RCPT', 'encryption_protocol': 'TLSv1.2', 'ccert_issuer': '', 'client_address': '10.205.2.20', 'size': '0', 'protocol_name': 'ESMTP', 'client_name': 'unknown', 'helo_name': 'dave.knut.univention.de', 'etrn_domain': '', 'instance': '24b0.598efa0a.9ce4c.0', 'encryption_keysize': '256', 'encryption_cipher': 'ECDHE-RSA-AES256-GCM-SHA384', 'ccert_fingerprint': '', 'recipient_count': '0', 'ccert_pubkey_fingerprint': '', 'sasl_method': 'LOGIN', 'recipient': 'grp1@nstx.local', 'sasl_username': 'foobar@nstx.local', 'stress': '', 'sender': 'sschwardt@dave.knut.univention.de', 'request': 'smtpd_access_policy'}
Aug 12 14:52:26 master50 listfilter[9398]: listfilter: allowed_user_dns=['uid=foobar,cn=users,dc=nstx,dc=local', 'uid=oxuser100,cn=users,dc=nstx,dc=local'] allowed_group_dns=[]
Aug 12 14:52:26 master50 listfilter[9398]: listfilter: action=REJECT Access denied for foobar@nstx.local to restricted list grp1@nstx.local
Aug 12 14:52:26 master50 postfix/smtpd[9392]: NOQUEUE: reject: RCPT from unknown[10.205.2.20]: 554 5.7.1 <grp1@nstx.local>: Recipient address rejected: Access denied for foobar@nstx.local to restricted list grp1@nstx.local; from=<sschwardt@dave.knut.univention.de> to=<grp1@nstx.local> proto=ESMTP helo=<dave.knut.univention.de>
Aug 12 14:52:26 master50 postfix/smtpd[9392]: disconnect from unknown[10.205.2.20]
Comment 7 Sönke Schwardt-Krummrich univentionstaff 2017-09-19 21:59:45 CEST
(In reply to Sönke Schwardt-Krummrich from comment #6)
> Cannot test this. listfilter seems to be broken on my OX system:
*YIKES* wrong bug, was meant for bug 44922.
Comment 8 Sönke Schwardt-Krummrich univentionstaff 2017-09-20 14:49:14 CEST
See branch sschwardt/44473/4.2/main.cf.local as improvement.
Btw: I think we should update the UCS manual regarding this new feature.
Comment 9 Daniel Tröder univentionstaff 2017-10-17 12:48:29 CEST
9c1d995a: add warning in main.cf/master
2486ad0e: mention filename in error message
4db0e2f3: advisory update

univention-mail-postfix 11.0.1-20A~4.2.0.201710171246
Comment 10 Sönke Schwardt-Krummrich univentionstaff 2018-01-17 17:53:33 CET
(In reply to Sönke Schwardt-Krummrich from comment #8)
> Btw: I think we should update the UCS manual regarding this new feature.

The manual changes are missing. We should document this feature, otherwise it will not be found by users.

OK: code change
OK: manual test
OK: automatic test
    → new test script → ucs-test/tests/40_mail/61_check_cf_local_files
REOPEN: manual update is missing


Tested via:
 echo "smtp_tls_loglevel = 3" > /etc/postfix/main.cf.local
 ucr commit /etc/postfix/main.cf
 cat /etc/postfix/main.cf
 rm /etc/postfix/main.cf.local
 ucr commit /etc/postfix/main.cf
 cat /etc/postfix/main.cf
Comment 11 Daniel Tröder univentionstaff 2018-01-22 15:34:09 CET
ucs
[4.2-3 03220233cf8] Bug #44473: add section about main.cf.local
[4.2-3 e44bf32b6b6] Bug #44473: german wording and add english version
[4.3-0 be4c5afd150] Bug #44473: add section about main.cf.local    
    (cherry picked from commit 03220233cf8)
[4.3-0 9cfe9d196ce] Bug #44473: german wording and add english version
        (cherry picked from commit e44bf32b6b6)
[4.3-0 103e222a2fa] Bug #44473: fix typos
[4.2-3 d0686d5f65e] Bug #44473: fix typos
        (cherry picked from commit 103e222a2fa)

docbook
[master 7564f90e61] Bug #44473: add concatenated words to dictionary

http://jenkins.knut.univention.de:8080/view/Doku/job/UCS-4.2/job/UCS-4.2-3/job/HandbookUCS/309/artifact/webroot/
Comment 12 Sönke Schwardt-Krummrich univentionstaff 2018-01-26 16:59:20 CET
Made some additional modifications to the manual and cherry-picked them to UCS 4.3-0.

All changes of 4.2-2 are also present in/identical with 4.2-3 and 4.3-0.

→ VERIFIED
Comment 13 Arvid Requate univentionstaff 2018-02-14 13:31:35 CET
<http://errata.software-univention.de/ucs/4.2/288.html>