Canonical.db in NS8

NethServer Version: 8
Module: mail migration

Hello again,
after migration we have massive problems with email module…

  1. In NS7 we had numbered clients user00 … user99, because of personnel fluctuation.
    If someone changed we only edited the file /etc/postfix/canonical and translated it with

postmap /etc/postfix/canonical

and all ok
Example of canonical:

`user01@xxx.lan	steffen.stab@xxx-yyy.de
user02@xxx.lan	juergen.joker@xxx-yyy.de`

Now the mail sender name is user01…
How is it possible to right this in NS8 ???

I’m sorry, but this is an NS7 customization, and it is not handled by the migration tool. To implement a similar customization in NS8, refer to this documentation: GitHub - NethServer/ns8-mail: NS8 Mail module with SMTP, IMAP, Spam/Virus filter

If you introduce a custom Postfix table, such as “canonical,” ensure its path resides under the postfix-custom volume; otherwise, its data will be lost on the next container restart.

Thanks to your advice,
… but …
I don’t understand, it is too complex,
I created the file /home/mail1/…volumes/postfix_custom/_data/canonical
(can’t remember path exactly…) and tried command as root:

podman exec mail1 postmap canonical
… Container mail1 not found

# podman images | grep mail
ghcr.io/nethserver/mail                       1.5.2          a21bb146e34b  5 days ago     10.9 MB
ghcr.io/nethserver/mail                       1.4.7          5f2ab9068424  4 months ago   10.5 MB
ghcr.io/nethserver/mail                       1.4.6          09f14dd4a4ae  4 months ago   10.5 MB
ghcr.io/nethserver/mail                       1.4.5          c46ef85d3bd1  6 months ago   10.5 MB

???? 4 mail found ??? what's that ???

Rootless applications run as unprivileged Unix users. The runagent command is required to impersonate that user and set the environment correctly, like the agent binary does when it runs actions from the web UI.

 runagent -m mail1 # starts App's Bash

Launch Podman commands from that Shell.

Hi.
tried the following, but without success:

root@ns8:/home/tux# runagent -m mail1
runagent: [INFO] starting bash -l
runagent: [INFO] working directory: /home/mail1/.config/state
mail1@ns8:~/.config/state$ cd .local/share/containers/storage/volumes/postfix-custom/_data/
bash:cd ../../.local/share/containers/storage/volumes/postfix-custom/_data/
mail1@ns8:~/.local/share/containers/storage/volumes/postfix-custom/_data$ podman exec postfix postmap ./canonical
exit
reboot

What is wrong ? Perhaps I’m too dumb ?

No, it just requires another step, to start a Shell in Postfix container, as explained in the Readme:

 podman exec -ti postfix ash -l

Changing the container file in such a way may compromise its ownership and security attributes. Remove that file and repeat your custom commands from the Ash shell in Postfix container.

Thanks, but see yourself

mail1@ns8:~/.config/state$ podman run -ti postfix ash -l
Error: short-name "postfix" did not resolve to an alias and no unqualified-search registries are defined in "/etc/containers/registries.conf"

sorry my mistake, not “run” but “exec”. Fixed above.

… now this command runs, but I couldn’t find MY file “canonical” in this environment.
So I renamed the original file canonical and created with vi my own file /etc/postfix/canonical.
After this I did “postmap canonical” . Tomorrow we will test the implications of this.
But I read, that the next nethserver update would destroy my configuration.
Is it so ? What steps are necessary to make my canonical “static” ?

Do not use /etc/postfix: files must be placed under a directory mounted on a persistent volume.

Custom configuration is saved in the postfix-custom volume. – ns8-mail/README.md at main · NethServer/ns8-mail · GitHub

As you can see from the examples, the volume is mounted on /etc/postfix/main.cf.d/, so put everything under that dir. Do not forget that *.cf files are automatically appended to Postfix main.cf, to override previous configuration directives.

OK … I tried again … but I have no permissions to make “postmap”
Have a look;

ns8:/etc/postfix/main.cf.d# postmap /etc/postfix/main.cf.d/canonical
postmap: fatal: open database /etc/postfix/main.cf.d/canonical.lmdb: Permission denied
ns8:/etc/postfix/main.cf.d# whoami
root

Is it a Rocky Linux node? Try to restart the Postfix container. On startup the volume’s SELinux attributes could be fixed automatically.

 runagent -m mail1 systemctl --user restart postfix

NS8 works at debian12 as base.
I restarted postfix with your command. We don’t need postmap command ??
Then the check - what does the warning at the end mean? Do I have to do something ??

runagent -m mail1 systemctl --user status postfix

● postfix.service - Postfix MTA/MSA server
     Loaded: loaded (/home/mail1/.config/systemd/user/postfix.service; enabled; preset: enabled)
     Active: active (running) since Tue 2025-02-04 12:14:44 CET; 26s ago
    Process: 1761417 ExecStartPre=/bin/rm -f /run/user/1008/postfix.pid /run/user/1008/postfix.ctr-id (code=exited, status=0/SUCCESS)
    Process: 1761419 ExecStartPre=/bin/mkdir -vp pcdb (code=exited, status=0/SUCCESS)
    Process: 1761420 ExecStartPre=runagent install-certificate postfix (code=exited, status=2)
    Process: 1761478 ExecStartPre=runagent discover-services (code=exited, status=0/SUCCESS)
    Process: 1761481 ExecStart=/usr/bin/podman run --detach --conmon-pidfile=/run/user/1008/postfix.pid --cidfile=/run/user/1008/postfix.ctr-id --cgroups=no-conmon -->
   Main PID: 1761496 (conmon)
      Tasks: 1 (limit: 33577)
     Memory: 35.6M
        CPU: 5.146s
     CGroup: /user.slice/user-1008.slice/user@1008.service/app.slice/postfix.service
             └─1761496 /usr/bin/conmon --api-version 1 -c e1934ef7930bac4115c6a22e6ab96a4a3bdb7eacb65e13d4b427d49f6b2d5b1b -u e1934ef7930bac4115c6a22e6ab96a4a3bdb7eac>

Feb 04 12:14:43 ns8 postfix[1761480]: enabled
Feb 04 12:14:44 ns8 podman[1761481]: 2025-02-04 12:14:44.133970893 +0100 CET m=+0.111228696 image pull  ghcr.io/nethserver/mail-postfix:1.5.2
Feb 04 12:14:44 ns8 podman[1761481]: 
Feb 04 12:14:44 ns8 podman[1761481]: 2025-02-04 12:14:44.438422376 +0100 CET m=+0.415680162 container create e1934ef7930bac4115c6a22e6ab96a4a3bdb7eacb65e13d4b427d49f6>
Feb 04 12:14:44 ns8 podman[1761481]: 2025-02-04 12:14:44.590244282 +0100 CET m=+0.567502132 container init e1934ef7930bac4115c6a22e6ab96a4a3bdb7eacb65e13d4b427d49f6b2>
Feb 04 12:14:44 ns8 podman[1761481]: 2025-02-04 12:14:44.601184741 +0100 CET m=+0.578442504 container start e1934ef7930bac4115c6a22e6ab96a4a3bdb7eacb65e13d4b427d49f6b>
Feb 04 12:14:44 ns8 postfix[1761481]: e1934ef7930bac4115c6a22e6ab96a4a3bdb7eacb65e13d4b427d49f6b2d5b1b
Feb 04 12:14:44 ns8 systemd[1063]: Started postfix.service - Postfix MTA/MSA server.
Feb 04 12:14:47 ns8 postfix[1761496]: postfix/postlog: warning: not owned by root: /etc/postfix/./main.cf.d/canonical
Feb 04 12:14:47 ns8 postfix[1761496]: postfix/postlog: starting the Postfix mail system
~

Good to know.

If I understand correctly what you want to achieve, yes.

Yes, the permission issue is still there. Restart was just an idea for SELinux relabeling on Rocky Linux. In this case the file has a wrong owner. If you created it with the root user, as said before, you made a mistake because the container runs in a uid/gid mapped namespace. In other words the root user inside the container is seen as mail1 from the host perspective. To fix the permissions in this case run as root:

 chown -c -R mail1:mail1 ~mail1/.local/share/containers/storage/volumes/postfix-custom/_data

… see next step:

mail1@ns8:~/.config/state$ podman exec -ti postfix ash -l
ns8:/etc/postfix# cd main.cf.d/
ns8:/etc/postfix/main.cf.d# ls -l
total 8
-rw-r--r--    1 root     root           114 Aug  2  2024 README
-rw-r--r--    1 root     root           790 Feb  4 09:40 canonical
ns8:/etc/postfix/main.cf.d# postmap ./canonical
postmap: warning: ./canonical, line 13: expected format: key whitespace value
ns8:/etc/postfix/main.cf.d# vi canonical
ns8:/etc/postfix/main.cf.d# postmap ./canonical
ns8:/etc/postfix/main.cf.d# postmap ./canonical
ns8:/etc/postfix/main.cf.d# postfix reload
postfix/postfix-script: refreshing the Postfix mail system
ns8:/etc/postfix/main.cf.d# postfix status
postfix/postfix-script: the Postfix mail system is running: PID: 1

I thought all was correct, but it is not possible to answer an email with the correct sender, because, for example, user01@xxx.lan is not changed to steffen.stab@xxx-yyy.de
user01@xxx.lan is not accepted.
Is there no other way to correct this “small but vexing” problem on smartphones ?
I really wish I had stayed on NS7 …
Or is there a basic mistake in my structure?

Your commands seem correct, but something is probably missing.

The Postfix CentOS 7 RPM may provide a different default configuration for the canonical_maps parameter.

However, in our Postfix container configuration, there is no default setup that refers to a “canonical” file, so you must override canonical_maps, as explained in the Readme linked in the previous post.

You can do this by adding the following line to /etc/postfix/main.cf.d/myoverride.cf:

canonical_maps = lmdb:/etc/postfix/main.cf.d/canonical

Note that the hash (Berkeley DB) format is not available in the container image, so you must use a different database type. In the example above, I used “lmdb”. Refer to Postfix database types and the postconf man page for more information.

As explained in the Readme, when we change a file like myoverride.cf the command that applies the change can be reload-config from the container, or runagent -m mail1 systemctl --user reload postfix from the host root context. Still postmap is required if implied by the DB format.
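The checks this thread arrives at (table lines in "key whitespace value" form, a map type the image provides, a path under the persistent mount), as an added example that is not part of any post or of the ns8-mail project. The function names are hypothetical, the sample files are constructed, and the override check assumes a single table in canonical_maps.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks to run before postmap.

# Print the line number of every table entry that is not "key whitespace value".
# Blank lines and comments are skipped; a line starting with whitespace
# continues the previous entry (Postfix lookup-table text format).
lint_table() {
    awk '
        function emit() { if (start && nf < 2) print start; start = 0 }
        /^[ \t]*$/ || /^[ \t]*#/ { next }
        /^[ \t]/ { if (start) nf += NF; next }
        { emit(); start = NR; nf = NF }
        END { emit() }
    ' "$1"
}

# Check the canonical_maps override in a *.cf file. Assumes a single table.
check_override() {
    value=$(awk '/^canonical_maps[ \t]*=/ { v = $0; sub(/^[^=]*=[ \t]*/, "", v) }
                 END { sub(/[ \t]+$/, "", v); print v }' "$1")
    case "$value" in
        "")     echo "canonical_maps is not set"; return 1 ;;
        hash:*) echo "hash (Berkeley DB) is not in the container image: $value"; return 1 ;;
        *:/etc/postfix/main.cf.d/*) echo "ok: $value"; return 0 ;;
        *)      echo "table is outside the postfix-custom mount: $value"; return 1 ;;
    esac
}

# Demo on constructed sample files: one entry without a value, one NS7-style override.
demo() {
    d=$(mktemp -d)
    printf 'user01@xxx.lan\tsteffen.stab@xxx-yyy.de\nuser02@xxx.lan\n' > "$d/canonical"
    printf 'canonical_maps = hash:/etc/postfix/canonical\n' > "$d/myoverride.cf"
    echo "malformed lines: $(lint_table "$d/canonical")"
    check_override "$d/myoverride.cf" || true
    rm -rf "$d"
}
demo
```
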

Thanks,
… but I understand you only partially.
But how could I prevent this trouble ?
I’m ready to create a new nethserver with a new structure. Where is my mistake of structure, that generates this trouble ?

If I understand your request correctly, you want to preserve the custom configuration you had in NS7. However, due to the different implementation in NS8, the procedure you used needs to be adjusted.

What you’re trying to do is find an equivalent approach to what you did in NS7. While this is possible, it may not be the optimal solution.

Fixing the sender address in all mail clients might require some effort, but it would save you from the challenges of customization.

I can’t provide a step-by-step procedure because I cannot test if it works. But I think you are not far from the solution and you have all the information to achieve a working setup again!

If there would be a way to do this, we all would be happy. There are now 15 smartphones and fluctuation of workers were minimized.
I looked 100 times, but can’t see an option to assign the sender address in smartphone mail application. They need an username to login to mail server. This name they use as sender address.
These mail clients are proprietary software, I can’t simply change that …

In NS8 the domain suffix is not relevant for IMAP logins. I think you can fix them with the correct value. Please do a test!