#!/bin/bash
set -e

# Directory layout used by the rest of this script.
sdir=/usr/share/omix   # holds the mkconf helper run as the final step
ldir=/var/lib/omix     # holds the files the symlinks below point at
vdir=/etc/omix         # assigned but not referenced in this script
pdir=/etc/postfix      # Postfix configuration directory

# Publish the omix-managed Dovecot files under /etc/dovecot.  The third link
# targets the LDAP settings file that the next section creates on first run.
ln --symbolic --force "${ldir}/dovecot.conf" /etc/dovecot/omix.conf
ln --symbolic --force "${ldir}/dovecot-auth-ldap.conf.omix" \
  /etc/dovecot/auth-ldap.conf.omix
ln --symbolic --force /etc/dovecot/dovecot-ldap.conf.omix \
  /etc/dovecot/dovecot-ldap-userdb.conf.omix

# Drop every line matching omix.conf, then re-insert the include directly
# above "!include_try local.conf".  If dovecot.conf has no such local.conf
# line, nothing is inserted and omix.conf is not loaded at all.
sed --in-place \
  -e '/omix.conf/d' \
  -e '/!include_try local.conf/i !include_try omix.conf' \
  /etc/dovecot/dovecot.conf

# Comment out the auth-system.conf.ext include (lines already starting with
# "#" are skipped), presumably so that only the LDAP setup from omix.conf
# authenticates users -- confirm.
sed --in-place \
  -e '/^#/b' \
  -e '/auth-system.conf.ext/s/^/#/' \
  /etc/dovecot/conf.d/10-auth.conf

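# First-run generation of Dovecot's LDAP (Active Directory) lookup settings.
# An existing file is left alone, so hand edits survive re-runs of this script.
ldapconf=/etc/dovecot/dovecot-ldap.conf.omix
if [[ ! -e $ldapconf ]]; then
    dom=$(hostname -d)
    dc=

    # Try the host's own DNS domain, then the same name with ".omx" replaced
    # by ".bla", then that name prefixed with "ad.", and stop at the first
    # one that publishes _ldap._tcp SRV records.  The list is deliberately
    # unquoted so that an empty domain simply drops out of it.
    for ad in $dom ${dom/.omx/.bla} ad.${dom/.omx/.bla}; do
        # Keep only genuine SRV answers.  host(1) prints other failures
        # (SERVFAIL, timeouts) on the same stream, and filtering on NXDOMAIN
        # alone would let the last word of such a message become an LDAP
        # host name.  The script runs without pipefail, so host's non-zero
        # exit on a failed lookup is ignored here.
        dc=$(host -t SRV -W 1 "_ldap._tcp.$ad" 2>/dev/null \
            | sed -n '/ has SRV record /{s/.* //; s/\.$//; p}' \
            | tr '\n' ' ')
        [[ -n $dc ]] && break
    done

    # The file is still written when discovery fails (with the last candidate
    # domain), but say so instead of silently leaving an empty hosts line.
    if [[ -z $dc ]]; then
        echo "warning: no _ldap._tcp SRV record found; 'hosts' in $ldapconf is empty and must be set by hand" >&2
    fi

    # NOTE(review): the host names come from DNS answers and decide where
    # Dovecot sends the bind DN's password and, because of auth_bind, users'
    # passwords.  The generated settings contain neither "tls = yes" nor an
    # ldaps:// "uris" line, so those binds are not encrypted unless that is
    # added when the file is completed -- confirm against the deployment.
    #
    # dnpass is written as the literal "******": presumably a placeholder
    # (or redacted in this copy) that the administrator replaces.
    #
    # The file holds a credential, so create it under a restrictive umask.
    # Previously it existed with the default mode until chmod ran, and stayed
    # that way if chown failed and "set -e" aborted the script in between.
    (
        umask 077
        cat >"$ldapconf" <<EOF
hosts = $dc
base = dc=${ad//./,dc=}
dn = dovecot@$ad
dnpass = ******

auth_bind = yes
pass_attrs = sAMAccountName=user
pass_filter = (&(objectClass=user)(sAMAccountName=%n))
user_attrs = sAMAccountName=user
user_filter = (&(objectClass=user)(sAMAccountName=%n))

iterate_attrs = sAMAccountName=user
iterate_filter = (objectClass=user)
EOF
    )
    # Only now open the file up to the dovecot group, read-only.
    chown root:dovecot "$ldapconf"
    chmod 640 "$ldapconf"
fi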

# Replace Postfix's main.cf and lookup tables with symlinks to the
# omix-managed files.  Each row is "<link target> <name under $pdir>".
# NOTE(review): valiasmaps is the only link whose target lives in /etc/omix
# rather than $ldir, and it shares the basename mail.aliases with the
# "aliases" link -- confirm that this is intended.
while read -r target link_name; do
    ln -sf "$target" "$pdir/$link_name"
done <<EOF
$ldir/postfix.cf main.cf
$ldir/mail.aliases aliases
$ldir/mail.valiasdomains valiasdomains
/etc/omix/mail.aliases valiasmaps
$ldir/mail.allowfrom allowfrom
EOF

# Register the submission service in master.cf.
postconf -M "submission/inet=submission inet n       -       -       -       -       smtpd"

# Per-service overrides for submission, applied one postconf call at a time
# so that "set -e" stops at the first one that fails.
#  - TLS is mandatory (security_level=encrypt) and AUTH is only offered
#    once TLS is up (tls_auth_only).
#  - SASL is delegated to Dovecot through the private/auth socket, with
#    anonymous mechanisms disabled.
#  - permit_mynetworks lets local-network clients past the client stage,
#    but the relay restrictions end in "reject" after
#    permit_sasl_authenticated, so recipients are accepted only from
#    authenticated clients.
#  - $mua_smtpd_sender_restrictions is stored literally for Postfix to
#    expand; it has to be defined in main.cf (not visible here).
submission_overrides=(
    'syslog_name=postfix/submission'
    'smtpd_tls_security_level=encrypt'
    'smtpd_sasl_auth_enable=yes'
    'smtpd_tls_auth_only=yes'
    'smtpd_sasl_type=dovecot'
    'smtpd_sasl_path=private/auth'
    'smtpd_sasl_security_options=noanonymous'
    'smtpd_sasl_local_domain='
    'smtpd_reject_unlisted_recipient=no'
    'smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject'
    'smtpd_sender_restrictions=$mua_smtpd_sender_restrictions'
    'smtpd_relay_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject'
    'milter_macro_daemon_name=ORIGINATING'
)
for override in "${submission_overrides[@]}"; do
    postconf -P "submission/inet/${override}"
done

# Finish by running the mkconf helper from $sdir (what it does is not visible
# here).  As the last command, its exit status becomes this script's.
"${sdir}/mkconf"
