DMS update

DMS/docker-compose.yml

@@ -18,6 +18,7 @@ services:
       - ./docker-data/dms/mail-state/:/var/mail-state/
       - ./docker-data/dms/mail-logs/:/var/log/mail/
       - ./docker-data/dms/config/:/tmp/docker-mailserver/
+      - ./docker-data/dms/config/dovecot/conf.d/95-sieve-redirect.conf:/etc/dovecot/conf.d/95-sieve-redirect.conf:ro
       - /etc/localtime:/etc/localtime:ro
     environment:
       # Wichtig: Rspamd und andere Services deaktivieren für ersten Test
@@ -46,10 +47,10 @@ services:
       - SSL_CERT_PATH=/tmp/docker-mailserver/ssl/cert.pem
       - SSL_KEY_PATH=/tmp/docker-mailserver/ssl/key.pem
       # Amazon SES SMTP Relay
-      # - RELAY_HOST=email-smtp.us-east-2.amazonaws.com
+      - RELAY_HOST=email-smtp.us-east-2.amazonaws.com
-      # - RELAY_PORT=587
+      - RELAY_PORT=587
-      # - RELAY_USER=${SES_SMTP_USER}
+      - RELAY_USER=${SES_SMTP_USER}
-      # - RELAY_PASSWORD=${SES_SMTP_PASSWORD}
+      - RELAY_PASSWORD=${SES_SMTP_PASSWORD}
       # Weitere Einstellungen
       - POSTFIX_OVERRIDE_HOSTNAME=email-srvr.com
       - POSTFIX_MYNETWORKS=172.16.0.0/12 172.17.0.0/12 172.18.0.0/12 [::1]/128 [fe80::]/64
@@ -57,10 +58,13 @@ services:
       - POSTFIX_MESSAGE_SIZE_LIMIT=0
       - SPOOF_PROTECTION=0
       - ENABLE_SRS=1
-      - SRS_SENDER_CLASSES=envelope_sender,header_sender
+      - SRS_EXCLUDE_DOMAINS=andreasknuth.de,bayarea-cc.com,bizmatch.net,hotshpotshgallery.com
+      - SRS_SENDER_CLASSES=envelope_sender
       - SRS_SECRET=EBk/ndWRA2s8ZMQFIXq0mJnS6SRbgoj77wv00PZNpNw=
+      - SRS_DOMAINNAME=email-srvr.com
+        #- SRS_DOMAINNAME=bayarea-cc.com
       # Debug-Einstellungen
-      - LOG_LEVEL=debug
+      - LOG_LEVEL=info
     cap_add:
       - NET_ADMIN
       - SYS_PTRACE

DMS/docker-data/dms/config/postfix-main.cf

@@ -0,0 +1,13 @@
+# persistente Overrides
+smtp_host_lookup = dns
+smtp_tls_security_level = encrypt
+smtp_tls_note_starttls_offer = yes
+
+# smtp_sasl_auth_enable = yes
+# smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+# smtp_sasl_security_options = noanonymous
+
+# transport_maps = hash:/etc/postfix/transport
+
+header_checks = pcre:/etc/postfix/header_checks
+smtp_tls_loglevel = 1

DMS/docker-data/dms/config/postfix/header_checks

@@ -0,0 +1,11 @@
+# X-SES-CONFIGURATION-SET für ausgehende Mails
+/^Subject:/ PREPEND X-SES-CONFIGURATION-SET: relay-outbound
+
+# === DEBUG SECTION - Logging für Weitergeleitete Mails ===
+/^From:/        WARN Debugging: Original From Header
+/^To:/          WARN Debugging: To Header
+/^Return-Path:/ WARN Debugging: Return-Path
+/^X-Forwarded/  WARN Debugging: Forwarding detected
+
+# Entferne doppelte Delivered-To Headers bei Weiterleitungen
+/^Delivered-To:/  IGNORE

DMS/docker-data/dms/config/postfix/sasl_passwd

@@ -0,0 +1 @@
+[email-smtp.us-east-2.amazonaws.com]:587  AKIAU6G......../ARbpotim1m...........

DMS/docker-data/dms/config/postfix/smtp_header_checks

@@ -0,0 +1,22 @@
+# 1. EIGENE DOMAINS SCHÜTZEN (Whitelist)
+# Wenn der Absender @bayarea-cc.com oder @email-srvr.com ist, tue NICHTS (DUNNO).
+# Das Postfix bricht die Prüfung hier ab, die Mail bleibt original.
+/.*@bayarea-cc\.com/   DUNNO
+/.*@email-srvr\.com/   DUNNO
+/.*@andreasknuth\.de/   DUNNO
+# 2. FREMDE DOMAINS UMSCHREIBEN (Rewriting)
+# Nur wenn wir hier ankommen (also keine eigene Domain), schreiben wir um.
+# Ersetzt den Absender durch eine generische Adresse deiner Domain.
+
+# Fall A: Mit Name -> "Name (original@email)" <relay@deine-domain>
+/^From:(.*)\s+<(.*)>/ REPLACE From: "$1 ($2)" <ses@email-srvr.com>
+
+# Fall B: Ohne Name -> "original@email" <relay@deine-domain>
+/^From:\s*([^<>\s]+)$/ REPLACE From: "$1" <ses@email-srvr.com>
+
+# 3. AUFRÄUMEN
+# Return-Path im Header entfernen (verwirrt manche Clients, da SRS den Envelope regelt)
+/^Return-Path:/ IGNORE
+
+# Entferne Sieve-spezifische Headers bei Weiterleitungen
+/^\s*Delivered-To:/              IGNORE

DMS/docker-data/dms/config/postfix/transport

@@ -0,0 +1,10 @@
+outlook.com     smtp:[email-smtp.us-east-2.amazonaws.com]:587
+.outlook.com    smtp:[email-smtp.us-east-2.amazonaws.com]:587
+live.com        smtp:[email-smtp.us-east-2.amazonaws.com]:587
+.live.com       smtp:[email-smtp.us-east-2.amazonaws.com]:587
+msn.com         smtp:[email-smtp.us-east-2.amazonaws.com]:587
+.msn.com        smtp:[email-smtp.us-east-2.amazonaws.com]:587
+hotmail.com     smtp:[email-smtp.us-east-2.amazonaws.com]:587
+.hotmail.com    smtp:[email-smtp.us-east-2.amazonaws.com]:587
+iitwelders.com     smtp:[email-smtp.us-east-2.amazonaws.com]:587
+.iitwelderstp:[email-smtp.us-east-2.amazonaws.com]:587

DMS/docker-data/dms/config/user-patches.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+set -euo pipefail
+
+CFG_ROOT="/tmp/docker-mailserver"
+SRC_DIR="$CFG_ROOT/postfix"
+DST_DIR="/etc/postfix"
+
+# Dateien nach /etc/postfix kopieren (oder aktualisieren)
+# install -D -m 0644 "$SRC_DIR/transport"   "$DST_DIR/transport"
+# install -D -m 0600 "$SRC_DIR/sasl_passwd" "$DST_DIR/sasl_passwd"
+install -D -m 0644 "$SRC_DIR/header_checks"  "$DST_DIR/header_checks"
+install -D -m 0644 "$SRC_DIR/smtp_header_checks" "$DST_DIR/maps/sender_header_filter.pcre"
+
+# Maps bauen
+# postmap "$DST_DIR/transport"
+# postmap "$DST_DIR/sasl_passwd"
+
+# Rechte auf die .db-Helferdatei
+# chmod 600 "$DST_DIR/sasl_passwd.db" || true
+
+# rm -f /etc/dovecot/conf.d/95-sieve-redirect.conf
+
+# Postfix neu laden (nachdem docker-mailserver seine eigene Konfig geladen hat)
+postfix reload || true