Configurations Templating Review

I’ve successfully created templates for inclusion of DKIM milter settings to be pulled into the creation of /etc/postfix/main.cf. However, it took a bit of fiddling in order for the variables to actually get picked up and added to main.cf.

My understanding after reviewing Moritz’s Blog Post was that the partial template file would automatically get picked up after registration provided a .info file was created in /etc/univention/templates/info/. However, it wasn’t until I modified the univention-mail-postfix file to include a stanza for file that the registration/commit successfully created the main.cf file with the correct settings. See --> Inclusion in univention-mail-postfix

Is this correct?

My concern here is that any future updates to the univention-mail-postfix file will erase the stanza. If that’s the case, what is needed to ensure the .info file is properly included in any generation of the main.cf file?

I’ve been wondering about setting up DKIM myself. So this is actually working for you now and you are just concerned about updates? Maybe you can post up details on your setup when you’ve gotten an answer to this last bit. I think I’d like to implement it as well.

It would be nice to have DKIM be a built in option somehow. Seems like it’s become a fairly standard thing for mail services these days.

I agree. It is standard fare for mail servers and would be nice to have these options ready to implement in future releases of UCS.

I just added a second config template to enable masquerade/rewrite (the host is a .intranet) in main.cf and now the DKIM.info template isn’t getting picked up after pulling the stanza out of univention-mail-postfix.info. However, the single line for the masquerade.info file pulls in just fine.

It turned out to be a syntax problem in one of the .info files.

It appears I had a tab character versus a single space in the Multifile stanza.

Multifile: /etc/postfix/main.cf/15_my-postfix-addition

The line was being ignored and not added when issuing

ucr register my-postfix-addition

I used these two resources, Cuberwerk SPF & DKIM and Kofler OpenDKIM, to work through the particulars of the config and set up the DNS records. OpenDKIM binaries are pulled from unmanaged repos. I have found it best to enable the repo, install the build, and disable the repo to ensure UCS updates aren’t tainted at the next update. Arguably, there isn’t a real need to create variables as these are established settings and could be hardcoded. I wanted to work through the variable setup for my own edification. Here are the templated milter configs:

/etc/univention/registry.info/variables/gracetx-postfix-milter.cfg

[mail/postfix/milter_default_action]
Description[de]=
Description[en]=This parameter determines how Postfix filter handles inbound SMTP connection errors. Reject will tell bad servers to 'go pound sand' and drop the connection.
Type=str
Categories=service-mail

[mail/postfix/milter_protocol]
Description[de]=
Description[en]=Default protocol is '6' for all Postfix versions greater than 2.6.
Type=str
Categories=service-mail

[mail/postfix/smtpd_milters]
Description[de]=
Description[en]=What port are we listening on to handle filtering. Default to inet:localhost:12345
Type=str
Categories=service-mail

[mail/postfix/non_smtpd_milters]
Description[de]=
Description[en]=For non-SMTP services like sendmail. Default to inet:localhost:12345
Type=str
Categories=service-mail

/etc/univention/templates/info/gracetx-postfix-milter.info

Type: subfile
Multifile: etc/postfix/main.cf
Subfile: etc/postfix/main.cf.d/15_gracetxmilter
Variables: mail/postfix/milter_default_action
Variables: mail/postfix/milter_protocol
Variables: mail/postfix/smtpd_milters
Variables: mail/postfix/non_smtpd_milters

/etc/univention/templates/files/etc/postfix/main.cf.d/15_gracetxmilter

@!@
# Python section of the UCR template; the print() form runs under Python 2 and 3.
print('\n# DKIM Milter settings')
print('milter_default_action = %s' % (configRegistry.get('mail/postfix/milter_default_action', 'tempfail'),))
print('milter_protocol = %s' % (configRegistry.get('mail/postfix/milter_protocol', '6'),))
print('smtpd_milters = %s' % (configRegistry.get('mail/postfix/smtpd_milters', 'inet:localhost:12345'),))
print('non_smtpd_milters = %s' % (configRegistry.get('mail/postfix/non_smtpd_milters', 'inet:localhost:12345'),))
@!@

Hope that helps.
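An added example, not part of the original post or of UCS: a small lint for the two failure modes in this thread, a .info line that is not "Key: value" with a single space, and a variable name spelled differently across the .info file, the registry.info description file and the template. The names `lint` and `covered` and all sample contents are constructed, and it assumes `Variables:` entries may be regular expressions.

```python
import re

# Constructed samples modelled on the three files in the post, with a
# tab and two misspelled names put in on purpose.
VARIABLES_CFG = "[mail/postfix/smtpd_milters]\nType=str\n[mail/postfix/non_smtpd_milters]\nType=str\n"
INFO = (
    "Type: subfile\n"
    "Multifile:\tetc/postfix/main.cf\n"  # tab after the colon
    "Subfile: etc/postfix/main.cf.d/15_example\n"
    "Variables: mail/postfix/smtpd_milters\n"
    "Variables: mail/postfix/non_smtpd_mitlers\n"  # misspelled
)
TEMPLATE = (
    "@!@\n"
    "print('smtpd_milters = %s' % (configRegistry.get('mail/postfix/smtpd_milters', 'x'),))\n"
    "print('non_smtpd_milters = %s' % (configRegistry.get('mail/postifx/non_smtpd_milters', 'x'),))\n"
    "@!@\n"
)

KEY_VALUE = re.compile(r"^([A-Za-z]+): (\S.*)$")  # key, colon, one space, value
GET_CALL = re.compile(r"configRegistry\.get\(\s*['\"]([^'\"]+)['\"]")
SECTION = re.compile(r"^\[([^\]]+)\]\s*$", re.M)


def covered(name, patterns):
    # Assumption: Variables entries may be regular expressions, so match
    # each pattern against the name instead of comparing strings.
    return any(re.fullmatch(p, name) for p in patterns)


def lint(info, variables_cfg, template):
    """Return (source, message) findings for one .info/.cfg/template triple."""
    findings, listed = [], []
    for number, line in enumerate(info.splitlines(), 1):
        match = KEY_VALUE.match(line)
        if line.strip() and match is None:
            findings.append(("info:%d" % number, "not 'Key: value' with one space: %r" % line))
        elif match and match.group(1) == "Variables":
            listed.append(match.group(2).strip())
    declared = SECTION.findall(variables_cfg)
    for pattern in listed:
        if not any(re.fullmatch(pattern, name) for name in declared):
            findings.append(("info", "no description section matches " + pattern))
    for name in sorted(set(GET_CALL.findall(template))):
        if not covered(name, listed):
            findings.append(("template", "reads unlisted variable " + name))
    return findings


if __name__ == "__main__":
    for source, message in lint(INFO, VARIABLES_CFG, TEMPLATE):
        print(source + ": " + message)
```

A missing description section is only a hint that a name may be misspelled; the other two findings mean the template will not be regenerated or will silently fall back to its default.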
