New handling for custom Postfix and Dovecot config - Questions/Remarks

Discussion in 'Installation/Configuration' started by Steini86, Mar 23, 2021.

  1. Steini86

    Steini86 Active Member

    Hi,
    I tried the new method for custom Postfix and Dovecot configs. I have a few questions/remarks. First of all, I appreciate this new option. Thanks! The postfix config works nicely. I had some trouble with the dovecot config. I guess that postfix is easier as settings can just be changed by "postconf".

    Postfix
    1) A long time ago I had mailman installed. It is no longer running, but somehow ispconfig still wants to add the config to main.cf. How can I tell ISPC that I do no longer want mailman configs written here? (Overwriting these settings just to remove the config is not what I want)

    2) To create my file, I compared the new ISPC file with a backup and put the changes into the new postfix_custom.conf.master file.
    Now I have only settings in that file where I deviate from ISPC. However, I have additional lines in main.conf which are not (yet) touched by ISPC and just stay there (like ECC certs). How can I make sure they will not be overwritten in the future? (My guess is that I have to add them also to the master file?)
    Another example: I have set "smpt(d)_tls_ciphers = high" and use "tls_high_cipherlist = !aNULL:!eNULL:!CAMELLIA:HIGH:mad:STRENGTH". Now I do not have to change anything in the custom.conf file, but if in the future ISPC decides to set smpt_tls_ciphers = medium, I will become unhappy ;)

    3) Is there any option to add a parameter for example to smtpd_recipient_restrictions ? I just want to add there "check_policy_service unix:private/policy-spf" without overwriting all the other settings. (When I think about that, I could also drop it as rspamd takes care about this now.)

    Dovecot
    4) I got this message during upgrade:
    Code:
    The following local config override templates were found, be sure to incorporate upstream changes if needed:
    
    /usr/local/ispconfig/server/conf-custom/install/dovecot_custom.conf.master
    /usr/local/ispconfig/server/conf-custom/install/postfix_custom.conf.master
    So, the system recognizes the files. However, the file /etc/dovecot/conf.d/99-ispconfig-custom-config.conf is not created. Then I copied the file manually, but I get a warning:
    Code:
    doveconf: Warning: /etc/dovecot/conf.d/99-ispconfig-custom-config.conf line 29: Global setting mail_plugins won't change the setting inside an earlier filter at /etc/dovecot/dovecot.conf line 70 (if this is intentional, avoid this warning by moving the global setting before /etc/dovecot/dovecot.conf line 70)
    
    So, you can not set global mail_plugins in that file. I solved this by not setting global plugins but instead adding the individual plugins everywhere with:
    mail_plugins = $mail_plugins my_plugins
    (By the way: The ISPC config has "sieve quota" as global plugin and as individual which is not necessary, see doveconf -n, its now two times in the config.)
    This seems to work. But again, a reconfigure service does not use the file /usr/local/ispconfig/server/conf-custom/install/dovecot_custom.conf.master
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    I believe you'd have to override the settings; I have pointers to mailman paths in postfix settings, and I haven't used mailman at all; I just ignore/don't use them.

    Yes, you can put your custom settings in the file to ensure they won't be overwritten if ISPConfig adds that setting in the future.

    Not to append to an existing value, no; just add the full smtpd_recipient_restrictions setting in your postfix_custom.conf.master.

    This is a bug, fixed in nightly builds.

    I wonder if we moved '!include_try conf.d/99-ispconfig-custom-config.conf' higher up in dovecot.conf if it would resolve that. Want to test it?
     
    Steini86 likes this.
  3. Steini86

    Steini86 Active Member

    I hope I find time to test it tomorrow. At the moment the setup is working.
    My guess is that it fixes the global setting, but the individual settings are then overwritten by ISPC because they come afterwards. So, two files would be needed, one for global options at the top and another for individual settings at the end. Not really satisfactory :/.
    It might be solved, if ISPC uses something like
    Code:
    mail_plugins = $mail_plugins quota sieve
    , then the plugins are added and not overwritten.
     
  4. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

  5. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    You can test this if you like: https://git.ispconfig.org/ispconfig/ispconfig3/-/merge_requests/1459/diffs

    The only issue I see is if someone sets global mail_plugins in their custom config and does not include $mail_plugins or explicitly add 'quota', then quota won't work (maybe will error? I didn't test). The alternative is to add 'mail_plugins = $mail_plugins quota' after the inclusion, but then you get the same error as above every time you restart dovecot (though harmless). I'd be good with just saying that's a locally created issue that should be fixed locally.
     
    Steini86 likes this.
  6. Steini86

    Steini86 Active Member

    Works for me. Thanks! :)
    Did not test it. But it's the same for any config: If the user overwrites an essential setting, it's broken.
    Anyway: At the moment quote is set as a global option and added(!) as individual option. Consequently, with "doveconf -n" one gets:
    Code:
    mail_plugins = quota quota
    However: Setting this twice does not lead to an error/warning and seems to work fine.
     
  7. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Yes, this is fine :)

    But please see https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6126 - maybe you could double check if moving the include_try setting back to the end of the file works?
     
  8. Steini86

    Steini86 Active Member

    You are correct. It (only) worked for me, because I was adding settings and plugins and not overwriting them.
    The problem with the include at the end is that you can not set global plugins. Global plugins need to be set before the individual filters.
    So, I see two options:
    1. Just no support for adding global plugins and move the include to the end
    2. Use two include files, one at the top (before the filters section, but after the other global settings), one at the bottom
     
  9. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Are you sure? iirc, this did work in my testing.
     
  10. Steini86

    Steini86 Active Member

    I have set in my custom conf:
    Code:
    mail_plugins = $mail_plugins zlib notify push_notification
    Having the include before line 68:
    Code:
    # doveconf -n | grep plugin
    mail_plugins = quota zlib notify push_notification
    plugin {
      mail_plugins = quota zlib notify push_notification imap_zlib imap_sieve quota imap_quota
      mail_plugins = quota zlib notify push_notification sieve quota
      mail_plugins = quota zlib notify push_notification quota sieve
      mail_plugins = quota zlib notify push_notification quota
    Include at the end:
    Code:
    # doveconf -n | grep plugin  
    doveconf: Warning: /etc/dovecot/conf.d/99-ispconfig-custom-config.conf line 36: Global setting mail_plugins won't change the setting inside an earlier filter at /etc/dovecot/dovecot.conf line 68 (if this is intentional, avoid this warning by moving the global setting before /etc/dovecot/dovecot.conf line 68)
    doveconf: Warning: /etc/dovecot/conf.d/99-ispconfig-custom-config.conf line 36: Global setting mail_plugins won't change the setting inside an earlier filter at /etc/dovecot/dovecot.conf line 68 (if this is intentional, avoid this warning by moving the global setting before /etc/dovecot/dovecot.conf line 68)
    mail_plugins = quota zlib notify push_notification
    plugin {
      mail_plugins = quota quota imap_quota imap_zlib imap_sieve
      mail_plugins = quota quota
      mail_plugins = quota sieve quota
      mail_plugins = quota quota sieve
    (I just changed the config file and used "doveconf -n", have not restarted dovecot though)
    (Note that the mail_plugins are sorted differently in both cases because I disabled pop3 in my config. The first one has imap, lda, lmtp, pop3. The second imap, pop3, lda, lmtp)
     
  11. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Alright, so we should either add a secondary file indeed (98-local-before something something) or users should define the plugins in their custom config again.
     
    Steini86 likes this.
  12. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Is mail_plugins the only seeing where this applies? If so, when copying the custom file into place we could get for that and set it in an earlier include (or right in dovecot.conf template), then comment the lines in the 99-.... file.
     
    Th0m likes this.
  13. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    would be good to add a note about it because I can already image some forum posts saying this comment is the reason something doesn't work ;)
     
  14. Steini86

    Steini86 Active Member

    It might also be an option to remove the global variable mail_plugins completely and only work with local configs. Or look in the custom config file for a global mail_plugins and show a warning/error.
    See: https://doc.dovecot.org/configuration_manual/config_file/config_file_syntax/#variable-expansion

    Edit:
    Also had a small bug (more a dovecot problem):
    I changed the path for the DH param and do not have the file "/etc/dovecot/dh.pem". Although this line does not appear in "doveconf -n", it gives the error "file not found /etc/dovecot/dh.pem" and does not start.
     
    Last edited: Mar 26, 2021

Share This Page