configure alternc-slave as a primary MX for the main server

this aims to resolve a lot of mail problems we are having on our deployment at Koumbit

.gitattributes

@@ -283,6 +283,7 @@ etc/alternc/apache2-ssl.conf -text
 etc/alternc/apache2.conf -text
 etc/alternc/menulist.txt -text
 etc/alternc/phpmyadmin.inc.php -text
+etc/alternc/postfix-slave.cf -text
 etc/alternc/postfix.cf -text
 etc/alternc/templates/alternc/bureau.conf -text
 etc/alternc/templates/bind/automatic.conf -text
@@ -300,6 +301,7 @@ etc/alternc/templates/postfix/ca.der -text
 etc/alternc/templates/postfix/myalias.cf -text
 etc/alternc/templates/postfix/mydomain.cf -text
 etc/alternc/templates/postfix/mygid.cf -text
+etc/alternc/templates/postfix/myrelay.cf -text
 etc/alternc/templates/postfix/myvirtual.cf -text
 etc/alternc/templates/postfix/sasl/smtpd.conf -text
 etc/alternc/templates/proftpd/modules.conf -text

debian/alternc-slave.postinst

@@ -179,7 +179,7 @@ EOF
     db_stop
 
     echo "running alternc.install"
-    alternc.install
+    alternc.install -s
     ;;
 
     abort-upgrade|abort-remove|abort-deconfigure)

etc/alternc/postfix-slave.cf

@@ -0,0 +1,36 @@
+home_mailbox = Maildir/
+smtpd_banner = $myhostname ESMTP
+header_checks = regexp:/etc/postfix/header_checks
+body_checks = regexp:/etc/postfix/body_checks
+local_destination_concurrency_limit = 8
+default_destination_concurrency_limit = 10
+smtpd_use_tls = yes
+smtpd_tls_dcert_file = /etc/courier/pop3d.pem
+smtpd_tls_dkey_file = $smtpd_tls_dcert_file
+smtpd_tls_CApath = /etc/ssl/certs/
+smtpd_tls_key_file =  $smtpd_tls_dcert_file
+smtpd_tls_cert_file =  $smtpd_tls_dcert_file
+smtpd_tls_loglevel = 0
+smtpd_tls_received_header = yes
+smtpd_tls_session_cache_timeout = 3600s
+smtp_use_tls = yes
+smtp_tls_dcert_file = $smtpd_tls_dcert_file
+smtp_tls_dkey_file = $smtpd_tls_dcert_file
+smtp_tls_CApath = $smtpd_tls_CApath
+smtpd_tls_auth_only = yes
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_local_domain = postfix
+smtpd_sasl_security_options = noanonymous
+enable_sasl_authentification = yes
+broken_sasl_auth_clients = yes
+alias_maps = hash:/etc/aliases
+virtual_maps = 
+virtual_mailbox_maps = 
+virtual_mailbox_base = 
+virtual_gid_maps = 
+virtual_uid_maps = 
+default_privs = nobody
+transport_maps=proxy:mysql:/etc/postfix/myrelay.cf
+relay_domains=proxy:mysql:/etc/postfix/myrelay.cf
+relay_recipients_map=proxy:mysql:/etc/postfix/myvirtual.cf
+smtpd_recipient_restrictions = reject_unlisted_recipient, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_policy_service inet:127.0.0.1:60000, reject_rbl_client zen.spamhaus.org

etc/alternc/templates/postfix/myrelay.cf

@@ -0,0 +1,13 @@
+#
+# %%warning_message%%
+#
+
+user = %%dbuser%%
+password = %%dbpwd%%
+hosts =%%dbhost%%
+dbname = %%dbname%%
+table = mail_domain
+# this should by %%primary_mx%%
+select_field = relay:[%%mx%%]
+where_field = mail
+

install/alternc.install

@@ -10,6 +10,24 @@
 
 set -e 
 
+opts=`getopt "sf" $*`
+if [ $? -ne 0 ]; then
+    echo invalid syntax: $?
+fi
+set -- $opts
+for i; do
+    case "$i" in
+        -f|--force)
+            force=1; shift;;
+        -s|--slave)
+            slave=1; shift;;
+        --)
+            break;;
+        *)
+            echo "unknown option $i"; shift;;
+    esac
+done
+
 . /usr/lib/alternc/functions.sh
 
 #######################################################################
@@ -32,7 +50,7 @@ if [ -e /etc/courier/authdaemonrc ]; then
                   etc/courier/authmysqlrc"
 fi
 if [ -d /etc/postfix ]; then
-    CONFIG_FILES="$CONFIG_FILES etc/postfix/myalias.cf
+    CONFIG_FILES="$CONFIG_FILES etc/postfix/myalias.cf etc/postfix/myrelay.cf
                   etc/postfix/mydomain.cf etc/postfix/mygid.cf
                   etc/postfix/myvirtual.cf etc/postfix/sasl/smtpd.conf"
 fi
@@ -56,12 +74,13 @@ if [ -f "$INSTALLED_CONFIG_TAR" ]; then
     CHANGED="`env LANG=C tar -zdf "$INSTALLED_CONFIG_TAR" -C / 2> /dev/null | 
               grep -v 'postfix/main.cf' | grep -v 'Uid differs'|grep -v 'Gid differs'  |grep -v 'Mode differs' | 
               sed -e 's/^\([^:]*\).*/    \1/' | sort -u`"
+    # " shutup emacs
     if [ ! -z "$CHANGED" ]; then
         echo "The following configuration files has changed since last AlternC"
         echo "installation :"
         echo "$CHANGED"
         echo ""
-        if [ "$1" = "force" ]; then
+        if [ "$force" = "1" ]; then
             echo "Replacing them as you requested."
         else
             echo "These configuration files should normally be modified by"
@@ -246,24 +265,21 @@ for file in body_checks header_checks; do
 done
 
 # Attribute the correct rights to critical postfix files
-if [ -e /etc/postfix/myalias.cf -o -e /etc/postfix/mydomain.cf -o -e /etc/postfix/mygid.cf -o -e /etc/postfix/myvirtual.cf ]; then
+if [ -e /etc/postfix/myalias.cf -o -e /etc/postfix/mydomain.cf -o -e /etc/postfix/mygid.cf -o -e /etc/postfix/myvirtual.cf -o -e /etc/postfix/myrelay.cf ]; then
     chown root:postfix /etc/postfix/my*
     chmod 640 /etc/postfix/my*
 fi
 
-# configure postfix appropriatly for our needs"
+# configure postfix appropriatly for our needs
+if [ "$slave" = "1" ]; then
+    postfix_conf=/etc/alternc/postfix-slave.cf
+else
+    postfix_conf=/etc/alternc/postfix.cf
+fi
 while read line
 do
    postconf -e "$line"
-done < /etc/alternc/postfix.cf
+done < $postfix_conf
-
-while read line
-do
-   postconf -e "$line"
-done <<EOF
-myhostname = $FQDN
-myorigin = $FQDN
-EOF
 
 if [ -e /etc/courier/authmysqlrc ] ; then
     chown root:root /etc/courier/authmysqlrc