Hello again,
after migration we have massive problems with email module…
In NS7 we had numbered clients user00 … user99, because of personnel fluctuation.
If someone changed we only edited the file /etc/postfix/canonical and translated it with
If you introduce a custom Postfix table, such as “canonical,” ensure its path resides under the postfix-custom volume; otherwise, its data will be lost on the next container restart.
Thanks to your advice,
… but …
I don’t understand, it is too complex,
I created the file /home/mail1/…volumes/postfix_custom/_data/canonical
(can’t remember path exactly…) and tried command as root:
podman exec mail1 postmap canonical
… Container mail1 not found
# podman images | grep mail
ghcr.io/nethserver/mail 1.5.2 a21bb146e34b 5 days ago 10.9 MB
ghcr.io/nethserver/mail 1.4.7 5f2ab9068424 4 months ago 10.5 MB
ghcr.io/nethserver/mail 1.4.6 09f14dd4a4ae 4 months ago 10.5 MB
ghcr.io/nethserver/mail 1.4.5 c46ef85d3bd1 6 months ago 10.5 MB
???? 4 mail found ??? whats that ???
Rootless applications run as unprivileged Unix users. The runagent command is required to impersonate that user and set the environment correctly, like the agent binary do when it runs actions from the web UI.
No, it just require another step, to start a Shell in Postfix container, as explained in the Readme:
podman exec -ti postfix ash -l
Changing the container file in such way may compromise its ownership and security attributes. Remove that file and repeat your custom commanda from the Ash shell in Postfix container.
mail1@ns8:~/.config/state$ podman run -ti postfix ash -l
Error: short-name "postfix" did not resolve to an alias and no unqualified-search registries are defined in "/etc/containers/registries.conf"
… now this command runs, but I couldn’t find MY file “canonical” in this environment.
So I renamed the original file canonical and created with vi my own file /etc/postfix/canonical.
After this I did “postmap canonical” . Tomorrow we will test the implications of this.
But I read, that the next nethserver update would destroy my configuration.
Is it so ? What steps are necessary to make my canonical “static” ?
As you can see from the examples, the volume is mounted on /etc/postfix/main.cf.d/, so put everything under that dir. Do not forget that *.cf files are automatically appended to Postfix main.cf, to override previous configuration directives.
NS8 works at debian12 as base.
I restarted postfix with your command. We don’t need postmap command ??
Then the check - what means the warning at the end. Have I to do something ??
runagent -m mail1 systemctl --user status postfix
● postfix.service - Postfix MTA/MSA server
Loaded: loaded (/home/mail1/.config/systemd/user/postfix.service; enabled; preset: enabled)
Active: active (running) since Tue 2025-02-04 12:14:44 CET; 26s ago
Process: 1761417 ExecStartPre=/bin/rm -f /run/user/1008/postfix.pid /run/user/1008/postfix.ctr-id (code=exited, status=0/SUCCESS)
Process: 1761419 ExecStartPre=/bin/mkdir -vp pcdb (code=exited, status=0/SUCCESS)
Process: 1761420 ExecStartPre=runagent install-certificate postfix (code=exited, status=2)
Process: 1761478 ExecStartPre=runagent discover-services (code=exited, status=0/SUCCESS)
Process: 1761481 ExecStart=/usr/bin/podman run --detach --conmon-pidfile=/run/user/1008/postfix.pid --cidfile=/run/user/1008/postfix.ctr-id --cgroups=no-conmon -->
Main PID: 1761496 (conmon)
Tasks: 1 (limit: 33577)
Memory: 35.6M
CPU: 5.146s
CGroup: /user.slice/user-1008.slice/user@1008.service/app.slice/postfix.service
└─1761496 /usr/bin/conmon --api-version 1 -c e1934ef7930bac4115c6a22e6ab96a4a3bdb7eacb65e13d4b427d49f6b2d5b1b -u e1934ef7930bac4115c6a22e6ab96a4a3bdb7eac>
Feb 04 12:14:43 ns8 postfix[1761480]: enabled
Feb 04 12:14:44 ns8 podman[1761481]: 2025-02-04 12:14:44.133970893 +0100 CET m=+0.111228696 image pull ghcr.io/nethserver/mail-postfix:1.5.2
Feb 04 12:14:44 ns8 podman[1761481]:
Feb 04 12:14:44 ns8 podman[1761481]: 2025-02-04 12:14:44.438422376 +0100 CET m=+0.415680162 container create e1934ef7930bac4115c6a22e6ab96a4a3bdb7eacb65e13d4b427d49f6>
Feb 04 12:14:44 ns8 podman[1761481]: 2025-02-04 12:14:44.590244282 +0100 CET m=+0.567502132 container init e1934ef7930bac4115c6a22e6ab96a4a3bdb7eacb65e13d4b427d49f6b2>
Feb 04 12:14:44 ns8 podman[1761481]: 2025-02-04 12:14:44.601184741 +0100 CET m=+0.578442504 container start e1934ef7930bac4115c6a22e6ab96a4a3bdb7eacb65e13d4b427d49f6b>
Feb 04 12:14:44 ns8 postfix[1761481]: e1934ef7930bac4115c6a22e6ab96a4a3bdb7eacb65e13d4b427d49f6b2d5b1b
Feb 04 12:14:44 ns8 systemd[1063]: Started postfix.service - Postfix MTA/MSA server.
Feb 04 12:14:47 ns8 postfix[1761496]: postfix/postlog: warning: not owned by root: /etc/postfix/./main.cf.d/canonical
Feb 04 12:14:47 ns8 postfix[1761496]: postfix/postlog: starting the Postfix mail system
~
If I understand correctly what you want to achieve, yes.
Yes the permission issue is still there. Restart was just an idea for SELinux relabeling on Rocky Linux. In this case the file has a wrong owner. If you created it with the root user, as said before, you did a mistake because the container runs in a uid/gid mapped namespace. In other words the root user inside the container is seen as mail1 from the host perspective. To fix the permissions in this case run as root:
mail1@ns8:~/.config/state$ podman exec -ti postfix ash -l
ns8:/etc/postfix# cd main.cf.d/
ns8:/etc/postfix/main.cf.d# ls -l
total 8
-rw-r--r-- 1 root root 114 Aug 2 2024 README
-rw-r--r-- 1 root root 790 Feb 4 09:40 canonical
ns8:/etc/postfix/main.cf.d# postmap ./canonical
postmap: warning: ./canonical, line 13: expected format: key whitespace value
ns8:/etc/postfix/main.cf.d# vi canonical
ns8:/etc/postfix/main.cf.d# postmap ./canonical
ns8:/etc/postfix/main.cf.d# postmap ./canonical
ns8:/etc/postfix/main.cf.d# postfix reload
postfix/postfix-script: refreshing the Postfix mail system
ns8:/etc/postfix/main.cf.d# postfix status
postfix/postfix-script: the Postfix mail system is running: PID: 1
I thought, all is correct, but it is not possible to answer an email with correct sender, because at example user01@xxx.lan not changed to steffen.stab@xxx-yyy.de
user01@xxx.lan is not accepted.
Is there no other way to correct this “small but vexing” problem on smartphones ?
I really wish, I were stay on NS7 …
Or is there an basic mistake in my structure
Your commands seem correct, but something is probably missing.
The Postfix CentOS 7 RPM may provide a different default configuration for the canonical_maps parameter.
However, in our Postfix container configuration, there is no default setup that refers to a “canonical” file, so you must override canonical_maps, as explained in the Readme linked in the previous post.
You can do this by adding the following line to /etc/postfix/main.cf.d/myoverride.cf:
Note that the hash (Berkeley DB) format is not available in the container image, so you must use a different database type. In the example above, I used “lmdb”. Refer to Postfix database types and the postconf man page for more information.
As explained in the Readme, when we change a file like myoverride.cf the command that applies the change can be reload-config from the container, or runagent -m mail1 systemctl --user reload postfix from the host root context. Still postmap is required if implied by the DB format.
Thanks,
… but I understand you only partial.
But how could I prevent this trouble ?
I’m ready to create a new nethserver with a new structure. Where is my mistake of structure, that generates this trouble ?
If I understand your request correctly, you want to preserve the custom configuration you had in NS7. However, due to the different implementation in NS8, the procedure you used needs to be adjusted.
What you’re trying to do is find an equivalent approach to what you did in NS7. While this is possible, it may not be the optimal solution.
Fixing the sender address in all mail clients might require some effort, but it would save you from the challenges of customization.
I can’t provide a step-by-step procedure because I cannot test if it works. But I think you are not far from the solution and you have all the information to achieve a working setup again!
If there would be a way to do this, we all would be happy. There are now 15 smartphones and fluctuation of workers were minimized.
I looked 100 times, but can’t see an option to assign the sender address in smartphone mail application. They need an username to login to mail server. This name they use as sender address.
This mail clients are proprietary software, I can’t simple change that …