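#!/usr/bin/env bash
###############
#//
#// Postfix
#//
###############
#
# Configures Postfix as a backup (secondary MX) relay by writing settings into
# main.cf with `postconf -e`, then installs a small queue-flush helper.
# Every step is an external command with side effects on the system; exit
# statuses are not checked here, so a failed postconf goes unnoticed.
# NOTE(review): consider failing fast (e.g. `set -e`) once it is confirmed
# that no step is expected to fail in normal operation.

# Postfix
# Single quotes are deliberate: $mydomain must reach Postfix unexpanded.
postconf -e 'myorigin = $mydomain'
postconf -e 'inet_interfaces = all'
postconf -e 'inet_protocols = ipv4'
postconf -e 'smtp_address_preference = ipv4'
# NOTE(review): 0 is used here to lift the size limits. With no limit, one
# oversized message (or many) can fill the queue filesystem; confirm that an
# upstream limit or disk quota bounds this.
postconf -e 'message_size_limit = 0'
postconf -e 'mailbox_size_limit = 0'

# Touch aliases db
newaliases

# Logging
postconf -e "maillog_file = /var/log/maillog"

# Backup mail server specific settings
postconf -e 'maximal_queue_lifetime = 30d'
postconf -e 'minimal_backoff_time = 60s'
# NOTE(review): an empty relay_recipient_maps makes this host accept mail for
# every address in the relay domains, including recipients the primary will
# later reject. That turns the backup MX into a backscatter source; a
# recipient list synced from the primary avoids it.
postconf -e 'relay_recipient_maps = '
# The lmdb tables below are only referenced here; they must be built
# elsewhere (presumably with postmap) before Postfix can use them.
postconf -e "relay_domains = lmdb:/etc/postfix/relaydomains"
postconf -e "transport_maps = lmdb:/etc/postfix/transportmaps"

# Security
# "may" is opportunistic TLS in both directions: encryption is used when the
# peer offers it, plaintext otherwise, and peer certificates are not enforced.
postconf -e 'smtpd_tls_security_level = may'
postconf -e 'smtp_tls_security_level = may'
postconf -e 'smtpd_tls_loglevel = 1'
# NOTE(review): the cert-match setting only matters for destinations that are
# raised to a verifying TLS level (e.g. through a per-destination policy);
# with the global level "may" it has no effect on its own.
postconf -e 'smtp_tls_verify_cert_match = hostname, nexthop, dot-nexthop'
postconf -e 'smtp_tls_CApath = /etc/ssl/certs'
postconf -e "smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt"
postconf -e 'smtp_tls_loglevel = 1'
# Rebuild the hashed CA symlinks; fall back to c_rehash when the openssl
# build lacks the rehash subcommand.
openssl rehash /etc/ssl/certs || c_rehash /etc/ssl/certs

# mkdir -p is a no-op when the directory already exists, so no separate test
# is needed.
# NOTE(review): the directory and tls.key are expected to be provisioned
# elsewhere; the private key should be readable by root only.
mkdir -p /etc/postfix/ssl/
postconf -e "smtpd_tls_key_file = /etc/postfix/ssl/tls.key"
postconf -e "smtpd_tls_cert_file = /etc/postfix/ssl/tls.pem"

# Enforce TLSv1.2 or newer for inbound (smtpd) sessions.
# NOTE(review): only the server side is restricted; there is no matching
# smtp_tls_protocols setting for outbound deliveries in this section.
postconf -e "smtpd_tls_protocols = >=TLSv1.2"

# Spam filters (https://www.linuxbabe.com/mail-server/block-email-spam-postfix)
# NOTE(review): reject_unknown_client_hostname is the stricter of the two
# client-hostname checks and can reject legitimate senders with incomplete DNS.
postconf -e "smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_sender_domain, reject_unknown_reverse_client_hostname, reject_unknown_client_hostname"
postconf -e "smtpd_helo_required = yes"
postconf -e "smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, check_helo_access lmdb:/etc/postfix/helo_access, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname"
# reject_unauth_destination is what keeps this host from being an open relay;
# the value is kept on one line so main.cf receives a single logical entry.
postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination"

# Check postqueue every 5 seconds
# Only the helper is installed here (install's default mode makes it
# executable); whatever runs it on that interval is not part of this section.
# The quoted heredoc delimiter keeps the helper's text literal.
install /dev/stdin /usr/local/bin/postqueue-check >/dev/null <<'postqueue'
#!/usr/bin/env bash
if postqueue -p | grep -q 'Mail queue is empty'
then
  exit 0
else
  postqueue -f
fi
postqueue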