From c75975d59e7cb4d8b25b67792c4b74b60b35545d Mon Sep 17 00:00:00 2001
From: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Date: Tue, 5 Dec 2023 17:16:39 +1300
Subject: [PATCH] chore: Postfix should integrate Dovecot at runtime (#3681)

* chore: Better establish startup scope

* chore: Configure `main.cf` for Dovecot at runtime
---
 CHANGELOG.md                                  |  2 ++
 target/postfix/main.cf                        |  6 ++--
 target/scripts/helpers/aliases.sh             |  1 +
 target/scripts/start-mailserver.sh            | 12 ++++----
 target/scripts/startup/setup.d/postfix.sh     | 30 +++++++++++++++----
 .../startup/setup.d/security/spoofing.sh      |  3 ++
 6 files changed, 40 insertions(+), 14 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8ecfbe55..5d539271 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,8 @@ All notable changes to this project will be documented in this file. The format
 
 - **Documentation:**
   - Raise awareness in the troubleshooting page for a common misconfiguration when deviating from our advice by using a bare domain ([#3680](https://github.com/docker-mailserver/docker-mailserver/pull/3680))
+- **Internal:**
+  - Postfix configures `virtual_mailbox_maps` and `virtual_transport` during startup instead of using defaults (configured for Dovecot) via our `main.cf` ([#3681](https://github.com/docker-mailserver/docker-mailserver/pull/3681))
 
 ### Fixed
 
diff --git a/target/postfix/main.cf b/target/postfix/main.cf
index 405dc0fb..8c329c94 100644
--- a/target/postfix/main.cf
+++ b/target/postfix/main.cf
@@ -88,10 +88,10 @@ smtpd_sasl_security_options = noanonymous
 smtpd_sasl_local_domain = $mydomain
 broken_sasl_auth_clients = yes
 
-# Mail directory
-virtual_transport = lmtp:unix:/var/run/dovecot/lmtp
+# Postfix lookup tables for verifying valid users and managed mail domains:
+# Populated during startup in: scripts/helpers/postfix.sh
 virtual_mailbox_domains = /etc/postfix/vhost
-virtual_mailbox_maps = texthash:/etc/postfix/vmailbox
+# Populated during startup in: scripts/helpers/aliases.sh
 virtual_alias_maps = texthash:/etc/postfix/virtual
 
 # Milters used by DKIM
diff --git a/target/scripts/helpers/aliases.sh b/target/scripts/helpers/aliases.sh
index 0890d994..04a56da3 100644
--- a/target/scripts/helpers/aliases.sh
+++ b/target/scripts/helpers/aliases.sh
@@ -23,6 +23,7 @@ function _handle_postfix_virtual_config() {
   fi
 }
 
+# TODO: Investigate why this file is always created, nothing seems to append only the cp below?
 function _handle_postfix_regexp_config() {
   : >/etc/postfix/regexp
 
diff --git a/target/scripts/start-mailserver.sh b/target/scripts/start-mailserver.sh
index fa8214e1..aadac2b5 100755
--- a/target/scripts/start-mailserver.sh
+++ b/target/scripts/start-mailserver.sh
@@ -91,20 +91,22 @@ function _register_functions() {
   _register_setup_function '_setup_dovecot_hostname'
 
   _register_setup_function '_setup_postfix_early'
-  _register_setup_function '_setup_fetchmail'
-  _register_setup_function '_setup_fetchmail_parallel'
 
-  # needs to come after _setup_postfix_early
+  # Dependent upon _setup_postfix_early first calling _create_aliases
+  # Due to conditional check for /etc/postfix/regexp
   _register_setup_function '_setup_spoof_protection'
 
-  _register_setup_function '_setup_getmail'
+  _register_setup_function '_setup_postfix_late'
 
   if [[ ${ENABLE_SRS} -eq 1  ]]; then
     _register_setup_function '_setup_SRS'
     _register_start_daemon '_start_daemon_postsrsd'
   fi
 
-  _register_setup_function '_setup_postfix_late'
+  _register_setup_function '_setup_fetchmail'
+  _register_setup_function '_setup_fetchmail_parallel'
+  _register_setup_function '_setup_getmail'
+
   _register_setup_function '_setup_logrotate'
   _register_setup_function '_setup_mail_summary'
   _register_setup_function '_setup_logwatch'
diff --git a/target/scripts/startup/setup.d/postfix.sh b/target/scripts/startup/setup.d/postfix.sh
index 0d7cb1ae..126a195c 100644
--- a/target/scripts/startup/setup.d/postfix.sh
+++ b/target/scripts/startup/setup.d/postfix.sh
@@ -30,18 +30,25 @@ mech_list: plain login
 EOF
   fi
 
+  # User has explicitly requested to disable SASL auth:
+  # TODO: Additive config by feature would be better. Should only enable SASL auth
+  # on submission(s) services in master.cf when SASLAuthd or Dovecot is enabled.
   if [[ ${ENABLE_SASLAUTHD} -eq 0 ]] && [[ ${SMTP_ONLY} -eq 1 ]]; then
+    # Default for services (eg: Port 25); NOTE: This has since become the default:
     sed -i -E \
       's|^smtpd_sasl_auth_enable =.*|smtpd_sasl_auth_enable = no|g' \
       /etc/postfix/main.cf
+    # Submission services that are explicitly enabled by default:
     sed -i -E \
       's|^  -o smtpd_sasl_auth_enable=.*|  -o smtpd_sasl_auth_enable=no|g' \
       /etc/postfix/master.cf
   fi
 
+  # scripts/helpers/aliases.sh:_create_aliases()
   __postfix__log 'trace' 'Setting up aliases'
   _create_aliases
 
+  # scripts/helpers/postfix.sh:_create_postfix_vhost()
   __postfix__log 'trace' 'Setting up Postfix vhost'
   _create_postfix_vhost
 
@@ -63,6 +70,23 @@ EOF
       's|^(dms_smtpd_sender_restrictions = .*)|\1, reject_unknown_client_hostname|' \
       /etc/postfix/main.cf
   fi
+
+  # Dovecot feature integration
+  # TODO: Alias SMTP_ONLY=0 to DOVECOT_ENABLED=1?
+  if [[ ${SMTP_ONLY} -ne 1 ]]; then
+    __postfix__log 'trace' 'Configuring Postfix with Dovecot integration'
+
+    # /etc/postfix/vmailbox is created by: scripts/helpers/accounts.sh:_create_accounts()
+    # This file config is for Postfix to verify a mail account exists before accepting
+    # mail arriving and delivering it to Dovecot over LMTP.
+    postconf 'virtual_mailbox_maps = texthash:/etc/postfix/vmailbox'
+    postconf 'virtual_transport = lmtp:unix:/var/run/dovecot/lmtp'
+  fi
+
+  if [[ -n ${POSTFIX_DAGENT} ]]; then
+    __postfix__log 'trace' "Changing virtual transport to '${POSTFIX_DAGENT}'"
+    postconf "virtual_transport = ${POSTFIX_DAGENT}"
+  fi
 }
 
 function _setup_postfix_late() {
@@ -80,12 +104,6 @@ function _setup_postfix_late() {
   __postfix__log 'trace' 'Configuring relay host'
   _setup_relayhost
 
-  if [[ -n ${POSTFIX_DAGENT} ]]; then
-    __postfix__log 'trace' "Changing virtual transport to '${POSTFIX_DAGENT}'"
-    # Default value in main.cf should be 'lmtp:unix:/var/run/dovecot/lmtp'
-    postconf "virtual_transport = ${POSTFIX_DAGENT}"
-  fi
-
   __postfix__setup_override_configuration
 }
 
diff --git a/target/scripts/startup/setup.d/security/spoofing.sh b/target/scripts/startup/setup.d/security/spoofing.sh
index 7c38821d..ffefb279 100644
--- a/target/scripts/startup/setup.d/security/spoofing.sh
+++ b/target/scripts/startup/setup.d/security/spoofing.sh
@@ -11,6 +11,9 @@ function _setup_spoof_protection() {
         postconf 'smtpd_sender_login_maps = ldap:/etc/postfix/ldap-senders.cf'
       fi
     else
+      # NOTE: This file is always created at startup, it potentially has content added.
+      # TODO: From section: "SPOOF_PROTECTION=1 handling for smtpd_sender_login_maps"
+      # https://github.com/docker-mailserver/docker-mailserver/issues/2819#issue-1402114383
       if [[ -f /etc/postfix/regexp ]]; then
         postconf 'smtpd_sender_login_maps = unionmap:{ texthash:/etc/postfix/virtual, hash:/etc/aliases, pcre:/etc/postfix/maps/sender_login_maps.pcre, pcre:/etc/postfix/regexp }'
       else