diff --git a/Bundler/postfix.xml b/Bundler/postfix.xml
index a3d75d1..f966737 100644
--- a/Bundler/postfix.xml
+++ b/Bundler/postfix.xml
@@ -3,10 +3,23 @@
+
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/Bundler/postfix_canonical.xml b/Bundler/postfix_canonical.xml
index a5c8c44..fda35b7 100644
--- a/Bundler/postfix_canonical.xml
+++ b/Bundler/postfix_canonical.xml
@@ -3,8 +3,4 @@
-
-
-
-
diff --git a/Bundler/postfix_sqlgrey_recipient_access.xml b/Bundler/postfix_sqlgrey_recipient_access.xml
deleted file mode 100644
index 78be100..0000000
--- a/Bundler/postfix_sqlgrey_recipient_access.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-
-
-
-
-
-
diff --git a/Cfg/etc/postfix/main.cf/main.cf.G50_mail-satellite b/Cfg/etc/postfix/main.cf/main.cf.G50_mail-satellite
new file mode 100644
index 0000000..00a28f7
--- /dev/null
+++ b/Cfg/etc/postfix/main.cf/main.cf.G50_mail-satellite
@@ -0,0 +1,25 @@
+# -*- coding: utf-8; mode: conf-unix -*-
+#
+# Fichier gere par BCfg2
+
+# Les mails viennent de @crans.org
+myorigin = crans.org
+
+# Alias
+alias_database = hash:/etc/postfix/aliases
+alias_maps = $alias_database
+
+# Les mails sont envoyes a notre MX
+relayhost = smtp.adm.crans.org
+
+# Utilisation locale uniquement
+mynetworks = 127.0.0.0/8
+inet_interfaces = loopback-only
+
+# Reecriture des entetes: @host.crans.org -> @crans.org
+canonical_maps = regexp:/etc/postfix/canonical
+
+# Autres
+recipient_delimiter =
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
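Review bot: `relayhost = smtp.adm.crans.org` is written without brackets, so Postfix performs an MX lookup on that name before falling back to its address record, and all outbound mail from a satellite then follows whatever DNS returns for MX. Writing `relayhost = [smtp.adm.crans.org]` pins delivery to that host. The empty `recipient_delimiter =` would also benefit from a one-line comment saying that address extensions are deliberately disabled on satellites, since an empty value reads like an unfinished edit.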
diff --git a/Metadata/groups.xml b/Metadata/groups.xml
index 7b19bab..d9dbca4 100644
--- a/Metadata/groups.xml
+++ b/Metadata/groups.xml
@@ -13,7 +13,6 @@
profile="true">
-
+
+
@@ -78,7 +79,10 @@
+ comment="le serveur sur les adherent peuvent se logger">
+
+
+
+
+
+
@@ -133,7 +141,7 @@
-
@@ -144,7 +152,6 @@
-
diff --git a/TCheetah/etc/postfix/main.cf/template b/TCheetah/etc/postfix/main.cf/template
index 6effbba..b9f9fa3 100644
--- a/TCheetah/etc/postfix/main.cf/template
+++ b/TCheetah/etc/postfix/main.cf/template
@@ -1,26 +1,45 @@
# -*- coding: utf-8; mode: conf-unix -*-
#
# Fichier gere par BCfg2
+#
+# Fichier de configuration principal de postfix.
## On change le style de parsing parceque sinon c'est vraiment relou
#compiler-settings
cheetahVarStartToken = @
-commentStartToken = %%
+commentStartToken = %#
multilineCommentStartToken = %*
multilineCommentEndToken = *%
directiveStartToken = %
directiveEndToken = %
#end compiler-settings
-%% +------------------------+
-%% | Utils pour le template |
-%% +------------------------+
+%# +------------------------+
+%# | Utils pour le template |
+%# +------------------------+
-%set @manage_ml = "mailing-list-manager" in @metadata.groups
-%set @mx = "mail-mx" in @metadata.groups
+%# Indique si c'est un MX principal ou secondaire.
%set @main = "mail-mx-main" in @metadata.groups
-%set @users = "mail-mx-users" in @metadata.groups
-%set @rescue = "mail-mx-rescue" in @metadata.groups
+%set @secondary = "mail-mx-secondary" in @metadata.groups
+%# Indique si c'est un MX public, par exemple le serveur
+%# des adherents est utilise uniquement en interne
+%set @public = "mail-mx-public" in @metadata.groups
+
+%# Si vrai alors delivre localement les mails des adherents.
+%set @users = "users" in @metadata.groups
+
+%# Si vrai alors passe les mails des ml a mailman
+%set @manage_ml = "mailing-list-manager" in @metadata.groups
+
+%# La base de donnee utilise
+%if "ldap" in @metadata.groups
+ %set @db = "ldap"
+%elif "pgsql" in @metadata.groups
+ %set @db = "pgsql"
+%else
+ %raise Exception("aucune base de donne trouvee!")
+%end if
+
%set @shorthostname = @metadata.hostname.split('.',1)[0]
%def yesno(@b): %if @b then yes else no%
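Review bot: `@db` is assigned in the new `%if "ldap" ... %elif "pgsql"` block, but none of the visible hunks reads it. `canonical_maps`, `alias_maps` and `check_recipient_access` still hard-code `ldap:` map files, so a client in the `pgsql` group would presumably render a main.cf that queries LDAP maps. Either derive the map type and file names from `@db`, or drop the variable until the pgsql maps exist. The `%raise` also aborts rendering for every client that is in neither group; if that is intended, a comment such as `%# Toute machine postfix doit appartenir au groupe ldap ou pgsql` would make the requirement explicit.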
@@ -40,13 +59,14 @@ myorigin = crans.org
mynetworks = 138.231.136.0/21, 138.231.144.0/21, 138.231.148.0/22, 127.0.0.1/8
# Destinations acceptees
-mydestination = @shorthostname, $myhostname, localhost, localhost.$mydomain,
-%if @mx
- $mydomain, crans.ens-cachan.fr, clubs.ens-cachan.fr,
+mydestination = @shorthostname, $myhostname,
+ localhost, localhost.$mydomain
+%if @main
+ $mydomain, crans.ens-cachan.fr, clubs.ens-cachan.fr,
install-party.ens-cachan.fr
- %if @manage_ml
+%end if
+%if @manage_ml
lists.$mydomain
- %end if
%end if
%if @resuce
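Review bot: The context line `%if @resuce` at the end of this hunk tests a name that no `%set` defines. It looks like a misspelling of `@rescue`, and this commit removes `%set @rescue` in the first hunk as well. Cheetah normally raises `NameMapper.NotFound` for an unresolved placeholder, so this may abort rendering, or never match, depending on how the template is compiled. Since the commit replaces `@rescue` with `@secondary` at the other call sites, the line should presumably become `%if @secondary`. The block it opens continues outside this hunk.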
@@ -54,9 +74,14 @@ mydestination = @shorthostname, $myhostname, localhost, localhost.$mydomain,
myorigin = $myhostname
%end if
-%if @rescue
-# Domaine relayes par ce MX
-relay_domains = $mydestination, crans.org, crans.ens-cachan.fr, clubs.ens-cachan.fr
+# Domaine relaye par ce MX
+relay_domains = $mydestination,
+%if @secondary
+ $mydomain, crans.ens-cachan.fr, clubs.ens-cachan.fr,
+ install-party.ens-cachan.fr
+%end if
+%if @public and not @manage_ml
+ lists.$mydomain
%end if
# Etre notifie ou non de l'arrive de nouveaux mails
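Review bot: `relay_domains` is now emitted on every host and, under `%if @secondary`, lists the primary's domains, but none of the visible hunks sets `relay_recipient_maps`. Without recipient validation a backup MX accepts mail for any address in those domains and has to bounce it later when the primary refuses it, which produces backscatter. If the rest of the file does not already define it, add `relay_recipient_maps = <recipient-map>` inside the `%if @secondary` branch, pointing at the same recipient lookup the primary uses. A short comment on the `%if @public and not @manage_ml` branch explaining why `lists.$mydomain` is relayed there would also help.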
@@ -68,7 +93,7 @@ biff = @yesno(@users)
# il faut enlever ca.
soft_bounce = no
-%if @main
+%if @users
# On delivre dans des maildir
mail_spool_directory = /var/mail/
%end if
@@ -83,13 +108,8 @@ delay_warning_time = 24h
# Esthetisme
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
-%if @rescue
-# Reecriture des entetes: @host.crans.org -> @crans.org
-canonical_maps = regexp:/etc/postfix/canonical
-%else
# Reecriture des entetes
canonical_maps = ldap:/etc/postfix/ldap-canonical.cf
-%end if
# Par ou passer (notement pour la distrtibution des adresse locales par bleu)
transport_maps = hash:/etc/postfix/transport
@@ -107,13 +127,13 @@ alias_database = hash:/etc/postfix/aliases
hash:/var/lib/mailman/data/aliases
%end if
-# Plus le ldap
+# Plus les alias dans la base de donnees
alias_maps = $alias_database, ldap:/etc/postfix/ldap-aliases.cf
# On prend aussi en compte les utilisateurs de /etc/passwd
local_recipient_maps = $alias_maps unix:passwd.byname
-# Les anciennes ML @crans.org -> @lists.crans.org
+# Les anciennes ML @crans.org, @crans.ens-cachan.fr -> @lists.crans.org
virtual_alias_maps = hash:/etc/postfix/virtual
# +-------------+
@@ -175,7 +195,7 @@ smtpd_recipient_restrictions = permit_mynetworks
%end if
# rejette les destinations non locales
reject_unauth_destination
-%if @main
+%if @public
# accepte si le champ contourneGreylist de la base est a OK
check_recipient_access ldap:/etc/postfix/ldap-sqlgrey.cf
# accepte si la greylist est d'accord
@@ -188,7 +208,7 @@ message_size_limit = 4194304
mailbox_size_limit = 78643000
# Obligation de specifier le nom de domaine complet
-append_dot_mydomain = @yesno(@rescue)
+append_dot_mydomain = @yesno(@secondary)
%if @main
## Filtrage AV
@@ -201,7 +221,7 @@ lmtp_send_xforward_command=yes
# Pieces jointes
mime_header_checks = regexp:/etc/postfix/mime_header_checks
-%if not @rescue
+%if not @secondary
# +----------------------+
# | Connexion de secours |
# +----------------------+
diff --git a/TCheetah/etc/postfix/master.cf/template b/TCheetah/etc/postfix/master.cf/template
new file mode 100644
index 0000000..bff3ffd
--- /dev/null
+++ b/TCheetah/etc/postfix/master.cf/template
@@ -0,0 +1,158 @@
+# -*- coding: utf-8; mode: conf-unix -*-
+#
+# Fichier gere par BCfg2
+#
+# Fichier de configuration des demons de postfix
+
+#compiler-settings
+cheetahVarStartToken = @
+commentStartToken = %#
+multilineCommentStartToken = %*
+multilineCommentEndToken = *%
+directiveStartToken = %
+directiveEndToken = %
+#end compiler-settings
+
+%# +------------------------+
+%# | Utils pour le template |
+%# +------------------------+
+
+%# Indique si c'est un MX principal ou secondaire.
+%set @main = "mail-mx-main" in @metadata.groups
+%set @secondary = "mail-mx-secondary" in @metadata.groups
+%# Indique si c'est un MX public, par exemple le serveur
+%# des adherents est utilise uniquement en interne
+%set @public = "mail-mx-public" in @metadata.groups
+
+%set @shorthostname = @metadata.hostname.split('.',1)[0]
+%set @pub = @shorthostname + ".crans.org"
+%set @adm = @shorthostname + ".adm.crans.org"
+%set @loc = "127.0.0.1"
+
+# Postfix master process configuration file. Each line describes how
+# a mailer component program should be run. The fields that make up
+# each line are described below. A "-" field value requests that a
+# default value be used for that field.
+#
+# Service: any name that is valid for the specified transport type
+# (the next field). With INET transports, a service is specified as
+# host:port. The host part (and colon) may be omitted. Either host
+# or port may be given in symbolic form or in numeric form. Examples
+# for the SMTP server: localhost:smtp receives mail via the loopback
+# interface only; 10025 receives mail on port 10025.
+#
+# Transport type: "inet" for Internet sockets, "unix" for UNIX-domain
+# sockets, "fifo" for named pipes.
+#
+# Private: whether or not access is restricted to the mail system.
+# Default is private service. Internet (inet) sockets can't be private.
+#
+# Unprivileged: whether the service runs with root privileges or as
+# the owner of the Postfix system (the owner name is controlled by the
+# mail_owner configuration variable in the main.cf file).
+#
+# Chroot: whether or not the service runs chrooted to the mail queue
+# directory (pathname is controlled by the queue_directory configuration
+# variable in the main.cf file). Presently, all Postfix daemons can run
+# chrooted, except for the pipe, virtual and local delivery daemons.
+# The files in the examples/chroot-setup subdirectory describe how
+# to set up a Postfix chroot environment for your type of machine.
+#
+# Wakeup time: automatically wake up the named service after the
+# specified number of seconds. A ? at the end of the wakeup time
+# field requests that wake up events be sent only to services that
+# are actually being used. Specify 0 for no wakeup. Presently, only
+# the pickup, queue manager and flush daemons need a wakeup timer.
+#
+# Max procs: the maximum number of processes that may execute this
+# service simultaneously. Default is to use a globally configurable
+# limit (the default_process_limit configuration parameter in main.cf).
+# Specify 0 for no process count limit.
+#
+# Command + args: the command to be executed. The command name is
+# relative to the Postfix program directory (pathname is controlled by
+# the program_directory configuration variable). Adding one or more
+# -v options turns on verbose logging for that service; adding a -D
+# option enables symbolic debugging (see the debugger_command variable
+# in the main.cf configuration file). See individual command man pages
+# for specific command-line options, if any.
+#
+# In order to use the "uucp" message tranport below, set up entries
+# in the transport table.
+#
+# In order to use the "cyrus" message transport below, configure it
+# in main.cf as the mailbox_transport.
+#
+# SPECIFY ONLY PROGRAMS THAT ARE WRITTEN TO RUN AS POSTFIX DAEMONS.
+# ALL DAEMONS SPECIFIED HERE MUST SPEAK A POSTFIX-INTERNAL PROTOCOL.
+#
+# DO NOT CHANGE THE ZERO PROCESS LIMIT FOR CLEANUP/BOUNCE/DEFER OR
+# POSTFIX WILL BECOME STUCK UP UNDER HEAVY LOAD
+#
+# DO NOT CHANGE THE ONE PROCESS LIMIT FOR PICKUP/QMGR OR POSTFIX WILL
+# DELIVER MAIL MULTIPLE TIMES.
+#
+# DO NOT SHARE THE POSTFIX QUEUE BETWEEN MULTIPLE POSTFIX INSTANCES.
+#
+# ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (yes) (never) (50)
+# ==========================================================================
+@pub:smtp inet n - - - - smtpd
+%if not @public
+ -o content_filter=lmtp:[amavis.adm.crans.org]:10024
+%end if
+@loc:smtp inet n - - - - smtpd
+#628 inet n - - - - qmqpd
+pickup fifo n - - 60 1 pickup
+cleanup unix n - - - 0 cleanup
+qmgr fifo n - - 300 1 qmgr
+#qmgr fifo n - - 300 1 nqmgr
+rewrite unix - - - - - trivial-rewrite
+bounce unix - - - - 0 bounce
+defer unix - - - - 0 bounce
+trace unix - - - - 0 bounce
+verify unix - - - - 1 verify
+flush unix n - - 1000? 0 flush
+proxymap unix - - n - - proxymap
+smtp unix - - - - - smtp
+relay unix - - - - - smtp
+showq unix n - - - - showq
+error unix - - - - - error
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - n - 5 lmtp
+#
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+# The Cyrus deliver program has changed incompatibly.
+#
+cyrus unix - n n - - pipe
+ flags=R user=cyrus argv=/usr/sbin/cyrdeliver -e -m ${extension} ${user}
+uucp unix - n n - - pipe
+ flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+ifmail unix - n n - - pipe
+ flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp unix - n n - - pipe
+ flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
+scalemail-backend unix - n n - 2 pipe
+ flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+
+# only used by postfix-tls
+smtps inet n - - - - smtpd -o smtpd_tls_wrappermode=yes
+587 inet n - - - - smtpd -o smtpd_enforce_tls=yes
+tlsmgr fifo - - n 300 1 tlsmgr
+
+%if @main
+# Serveur smtp pour recuperation des mails d'amavis
+# Verifie uniquement que le source viens bien du reseau
+# d'administration
+@adm:smtp inet n - n - - smtpd
+ -o content_filter=
+ -o local_recipient_maps=
+ -o smtpd_helo_restrictions=
+ -o smtpd_client_restrictions=
+ -o smtpd_sender_restrictions=
+ -o smtpd_recipient_restrictions=permit_mynetworks,reject
+ -o mynetworks=138.231.144.0/24
+%end if
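Review bot: The `@adm:smtp` reinjection listener at the end of the file trusts the whole `138.231.144.0/24` through `-o mynetworks=` while clearing `content_filter` and every other restriction class. Any host on the administration network, not only amavis, can therefore submit unfiltered mail and relay through this MX. Narrowing the override to the filter host, `-o mynetworks=<amavis-host-address>/32`, keeps the bypass limited to the one sender that needs it. The `smtps` and `587` entries carry no host part, unlike `@pub:smtp` and `@loc:smtp`, so they listen on every interface, and neither overrides `smtpd_sasl_auth_enable` or the client restrictions; a comment stating whether that is intended would help.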