Univention Bugzilla – Bug 44473
Include "main.cf.local" in /etc/postfix/main.cf
Last modified: 2018-02-14 13:31:35 CET
We should consider including "/etc/postfix/main.cf.local" in "/etc/postfix/main.cf" if the file exists. This way, customers would be able to add custom postfix options in a simple way without the fear that the custom changes are overwritten during the next (package|system) update.
OK: just tested: if a setting exists twice, the last one overwrites the first and a warning is issued:

root@ucs26:/etc/postfix# grep message_size_limit main.cf
message_size_limit = 10240000
message_size_limit = 22240000
message_size_limit = 33240000

root@ucs26:/etc/postfix# postconf | grep message_size_limit
postconf: warning: /etc/postfix/main.cf, line 18: overriding earlier entry: message_size_limit=10240000
postconf: warning: /etc/postfix/main.cf, line 26: overriding earlier entry: message_size_limit=22240000
message_size_limit = 33240000

root@ucs26:/etc/postfix# systemctl restart postfix.service
root@ucs26:/etc/postfix# systemctl status postfix.service
[..]
Apr 27 09:18:53 ucs26 systemd[1]: Started LSB: start and stop the Postfix Mail Transport Agent.
Apr 27 09:18:53 ucs26 postfix/master[11577]: daemon started -- version 2.11.3, configuration /etc/postfix
Apr 27 09:18:53 ucs26 postfix/qmgr[11579]: warning: /etc/postfix/main.cf, line 18: overriding earlier entry: message_size_limit=10240000
Apr 27 09:18:53 ucs26 postfix/qmgr[11579]: warning: /etc/postfix/main.cf, line 26: overriding earlier entry: message_size_limit=22240000
Apr 27 09:18:53 ucs26 postfix/pickup[11578]: warning: /etc/postfix/main.cf, line 18: overriding earlier entry: message_size_limit=10240000
Apr 27 09:18:53 ucs26 postfix/pickup[11578]: warning: /etc/postfix/main.cf, line 26: overriding earlier entry: message_size_limit=22240000
Another request that could be satisfied by this: https://forge.univention.org/bugzilla/show_bug.cgi?id=44473
Happened, because we don't have this: https://help.univention.com/t/postfix-smtp-stopped-after-errata-49/5986/11
Another one: <https://help.univention.com/t/writing-entries-into-etc-postfix-virtual/6241>
master.cf also supports duplicate lines, using the last one found. So support was added for both files: /etc/postfix/{main,master}.cf.local
The postinst will create those files (empty) if they do not exist. Non-existing and empty files will be ignored by the template.

Code: 327e46d..1ffbbc7
Advisory: 1ffbbc7..1b00d50
Package: univention-mail-postfix
Version: 11.0.1-17A~4.2.0.201709151041
Branch: ucs_4.2-0
Scope: errata4.2-2
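
An added example, not part of the original bug report and not the package's template code: a small audit that shows which generated main.cf settings a main.cf.local ends up overriding, reporting them in the same shape as the postconf warnings in comment 1. It assumes the template appends the local file after the generated content; the sample configuration and the function names are constructed for illustration.

```python
import os
import tempfile

def parse_main_cf(text):
    """Return (line_no, name, value) per logical 'name = value' line."""
    entries = []
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank and comment lines are ignored
        if raw[0].isspace() and entries:  # leading whitespace continues a line
            entries[-1][2] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            entries.append([no, name.strip(), value.strip()])
    return [tuple(e) for e in entries]

def merge_with_local(main_text, local_path):
    """Assumed template behaviour: append the .local file at the end;
    a missing or empty file contributes nothing."""
    if os.path.isfile(local_path) and os.path.getsize(local_path) > 0:
        with open(local_path) as fh:
            return main_text.rstrip("\n") + "\n" + fh.read()
    return main_text

def find_overrides(text):
    """Last entry wins; report (overriding line, name, earlier value)."""
    effective, warnings = {}, []
    for no, name, value in parse_main_cf(text):
        if name in effective:
            warnings.append((no, name, effective[name]))
        effective[name] = value
    return effective, warnings

# Constructed sample input, not a real UCS main.cf.
MAIN_CF = (
    "# generated part\n"
    "message_size_limit = 10240000\n"
    "smtpd_tls_security_level = may\n"
    "mynetworks = 127.0.0.0/8\n"
    "    10.200.18.0/24\n"
)
LOCAL_CF = "message_size_limit = 33240000\nsmtp_tls_loglevel = 3\n"

def demo(local_content):
    """Write local_content to a temp main.cf.local (None = no file) and audit."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "main.cf.local")
        if local_content is not None:
            with open(path, "w") as fh:
                fh.write(local_content)
        return find_overrides(merge_with_local(MAIN_CF, path))
```

Running `demo(LOCAL_CF)` returns the effective settings plus one override record for `message_size_limit`; reviewing that list after each change to a .local file shows when a template-managed setting such as a TLS or relay restriction has been replaced.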
Cannot test this. listfilter seems to be broken on my OX system:

root@master50:/etc/postfix# ucr search mail/postfix/policy/listfilter
mail/postfix/policy/listfilter/debug: yes
mail/postfix/policy/listfilter/maxproc: <empty>
mail/postfix/policy/listfilter/use_sasl_username: yes
mail/postfix/policy/listfilter: yes

User uid=foobar uses foobar@nstx.local as mailPrimaryAddress:

swaks -s 10.200.18.50 -t grp1@nstx.local -tlsc -p 465 \
    -au foobar@nstx.local -ap univention

→
Aug 12 14:52:26 master50 postfix/smtpd[9392]: connect from unknown[10.205.2.20]
Aug 12 14:52:26 master50 listfilter[9398]: listfilter: sender='foobar@nstx.local' recipient='grp1@nstx.local' check_sasl_username=True
Aug 12 14:52:26 master50 listfilter[9398]: listfilter: attrib={'reverse_client_name': 'unknown', 'queue_id': '', 'ccert_subject': '', 'sasl_sender': '', 'protocol_state': 'RCPT', 'encryption_protocol': 'TLSv1.2', 'ccert_issuer': '', 'client_address': '10.205.2.20', 'size': '0', 'protocol_name': 'ESMTP', 'client_name': 'unknown', 'helo_name': 'dave.knut.univention.de', 'etrn_domain': '', 'instance': '24b0.598efa0a.9ce4c.0', 'encryption_keysize': '256', 'encryption_cipher': 'ECDHE-RSA-AES256-GCM-SHA384', 'ccert_fingerprint': '', 'recipient_count': '0', 'ccert_pubkey_fingerprint': '', 'sasl_method': 'LOGIN', 'recipient': 'grp1@nstx.local', 'sasl_username': 'foobar@nstx.local', 'stress': '', 'sender': 'sschwardt@dave.knut.univention.de', 'request': 'smtpd_access_policy'}
Aug 12 14:52:26 master50 listfilter[9398]: listfilter: allowed_user_dns=['uid=foobar,cn=users,dc=nstx,dc=local', 'uid=oxuser100,cn=users,dc=nstx,dc=local'] allowed_group_dns=[]
Aug 12 14:52:26 master50 listfilter[9398]: listfilter: action=REJECT Access denied for foobar@nstx.local to restricted list grp1@nstx.local
Aug 12 14:52:26 master50 postfix/smtpd[9392]: NOQUEUE: reject: RCPT from unknown[10.205.2.20]: 554 5.7.1 <grp1@nstx.local>: Recipient address rejected: Access denied for foobar@nstx.local to restricted list grp1@nstx.local; from=<sschwardt@dave.knut.univention.de> to=<grp1@nstx.local> proto=ESMTP helo=<dave.knut.univention.de>
Aug 12 14:52:26 master50 postfix/smtpd[9392]: disconnect from unknown[10.205.2.20]
(In reply to Sönke Schwardt-Krummrich from comment #6)
> Cannot test this. listfilter seems to be broken on my OX system:

*YIKES* wrong bug, was meant for bug 44922.
See branch sschwardt/44473/4.2/main.cf.local as improvement. Btw: I think we should update the UCS manual regarding this new feature.
9c1d995a: add warning in main.cf/master
2486ad0e: mention filename in error message
4db0e2f3: advisory update

univention-mail-postfix 11.0.1-20A~4.2.0.201710171246
(In reply to Sönke Schwardt-Krummrich from comment #8)
> Btw: I think we should update the UCS manual regarding this new feature.

The manual changes are missing. We should document this feature, otherwise it will not be found by users.

OK: code change
OK: manual test
OK: automatic test → new test script → ucs-test/tests/40_mail/61_check_cf_local_files
REOPEN: manual update is missing

Tested via:
echo "smtp_tls_loglevel = 3" > /etc/postfix/main.cf.local
ucr commit /etc/postfix/main.cf
cat /etc/postfix/main.cf
rm /etc/postfix/main.cf.local
ucr commit /etc/postfix/main.cf
cat /etc/postfix/main.cf
ucs
[4.2-3 03220233cf8] Bug #44473: add section about main.cf.local
[4.2-3 e44bf32b6b6] Bug #44473: german wording and add english version
[4.3-0 be4c5afd150] Bug #44473: add section about main.cf.local (cherry picked from commit 03220233cf8)
[4.3-0 9cfe9d196ce] Bug #44473: german wording and add english version (cherry picked from commit e44bf32b6b6)
[4.3-0 103e222a2fa] Bug #44473: fix typos
[4.2-3 d0686d5f65e] Bug #44473: fix typos (cherry picked from commit 103e222a2fa)

docbook
[master 7564f90e61] Bug #44473: add concatenated words to dictionary

http://jenkins.knut.univention.de:8080/view/Doku/job/UCS-4.2/job/UCS-4.2-3/job/HandbookUCS/309/artifact/webroot/
Made some additional modifications to the manual and cherry-picked them to UCS 4.3-0. All changes of 4.2-2 are also present in/identical with 4.2-3 and 4.3-0. → VERIFIED
<http://errata.software-univention.de/ucs/4.2/288.html>