From: Zoltán Felleg
Date: Mon, 16 Dec 2024 22:13:28 +0000 (+0100)
Subject: Added mx.pm.
X-Git-Url: http://git.useribm.hu/?a=commitdiff_plain;h=79b1572784583b62396cf17840342bf8fcae5ae2;p=user-lxc.git
Added mx.pm.
---
diff --git a/sources/mx.pm/c3d/firstboot/scripts/01_setupnetworking.sh b/sources/mx.pm/c3d/firstboot/scripts/01_setupnetworking.sh
new file mode 100755
index 0000000..f4fff5f
--- /dev/null
+++ b/sources/mx.pm/c3d/firstboot/scripts/01_setupnetworking.sh
@@ -0,0 +1,96 @@ +#!/bin/sh + + +export PAGER= + + +sleep 1 +systemctl --quiet is-active NetworkManager.service +NM_RC=$? +CYCLES_WAITED=0 +while [ $NM_RC -ne 0 ] +do + if [ $CYCLES_WAITED -ge 10 ] + then + exit 1 + fi + if [ $CYCLES_WAITED -eq 0 ] + then + echo -n "Waiting for NetworkManager" + fi + echo -n . + sleep 1 + CYCLES_WAITED=$(( $CYCLES_WAITED + 1 )) + systemctl --quiet is-active NetworkManager.service + NM_RC=$? +done +[ $CYCLES_WAITED -gt 0 ] && echo + +# wait for the two network connections to come up +CONNECTION_DEVICES_UP=$(nmcli --terse connection show \ + | grep --invert-match ':$' | wc -l) +CYCLES_WAITED=0 +while [ $CONNECTION_DEVICES_UP -lt 2 ] +do + if [ $CYCLES_WAITED -ge 10 ] + then + echo + nmcli connection show + exit 1 + fi + if [ $CYCLES_WAITED -eq 0 ] + then + echo -n "Waiting for the network connection" + fi + echo -n . + sleep 1 + CYCLES_WAITED=$(( $CYCLES_WAITED + 1 )) + CONNECTION_DEVICES_UP=$(nmcli --terse connection show \ + | grep --invert-match ':$' | wc -l) +done +[ $CYCLES_WAITED -gt 0 ] && echo + +CONNECTIONS=$(nmcli --terse connection show | wc -l) +if [ $CONNECTIONS -ne 2 ] +then + echo "Number of connections: $CONNECTIONS instead of 2" >&2 + exit 1 +fi + +CONNECTION_DEVICE="eth0" +CONNECTION_ID="perimeter" +CONNECTION_LINE=$(nmcli --terse connection show | grep ":${CONNECTION_DEVICE}$") +CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':') + +nmcli connection delete uuid "$CONNECTION_UUID" + +nmcli connection add \ + connection.autoconnect yes \ + connection.id $CONNECTION_ID \ + connection.interface-name $CONNECTION_DEVICE \ + connection.type 802-3-ethernet \ + ipv4.addresses "192.168.173.154/24" \ + ipv4.dns "192.168.173.223" \ + ipv4.dns-search "pm.useribm.hu" \ + ipv4.gateway "192.168.173.254" \ + ipv4.method "manual" \ + ipv4.routes "10.228.0.0/16 192.168.173.1" \ + ipv6.addresses "2001:1aa1:000a:7c0c:000c:18ff:fe03:ad9a/64" \ + ipv6.dns "2001:1aa1:000a:7c0c:000c:18ff:fe03:addf" \ + ipv6.dns-search 
"pm.useribm.hu" \ + ipv6.gateway "2001:1aa1:000a:7c0c:000c:18ff:fe03:adfe" \ + ipv6.method "manual" \ + ipv6.routes "2001:1aa1:000a:7dae::/64 2001:1aa1:000a:7c0c:000c:18ff:fe03:ad01" \ + save yes + +cat </etc/NetworkManager/conf.d/${CONNECTION_DEVICE}.conf +[device] +match-device=interface-name:$CONNECTION_DEVICE +allowed-connections=id:$CONNECTION_ID +keep-configuration=no +EOF + +nmcli connection show + +hostnamectl hostname mx.pm.useribm.hu +hostnamectl diff --git a/sources/mx.pm/c3d/firstboot/scripts/02_settimezone.sh b/sources/mx.pm/c3d/firstboot/scripts/02_settimezone.sh new file mode 100755 index 0000000..0ec1bcc --- /dev/null +++ b/sources/mx.pm/c3d/firstboot/scripts/02_settimezone.sh @@ -0,0 +1,17 @@ +#!/bin/sh + + +sleep 1 +systemctl --quiet is-active dbus.service +DBUS_RC=$? +WAITED=0 +while [ $DBUS_RC -ne 0 ] +do + echo -n . + sleep 1 + WAITED=1 + systemctl --quiet is-active dbus.service + DBUS_RC=$? +done +[ $WAITED -ne 0 ] && echo +timedatectl set-timezone Europe/Budapest diff --git a/sources/mx.pm/c3d/firstboot/scripts/10_setupletsencrypt.sh b/sources/mx.pm/c3d/firstboot/scripts/10_setupletsencrypt.sh new file mode 100755 index 0000000..3ef3f70 --- /dev/null +++ b/sources/mx.pm/c3d/firstboot/scripts/10_setupletsencrypt.sh @@ -0,0 +1,16 @@ +#!/bin/sh + + +if [ -d /etc/letsencrypt ] +then + mv /etc/letsencrypt /etc/letsencrypt.orig +fi +/usr/local/bin/getletsencrypt.sh +if [ $? -eq 0 ] +then + sed --in-place=.orig \ + 's/^MAILTO=root$/MAILTO=siteadmin@useribm.hu/' \ + /etc/crontab + echo >>/etc/crontab + echo '20 3 * * * root /usr/local/bin/getletsencrypt.sh' >>/etc/crontab +fi diff --git a/sources/mx.pm/c3d/firstboot/scripts/20_setuppostfix.sh b/sources/mx.pm/c3d/firstboot/scripts/20_setuppostfix.sh new file mode 100755 index 0000000..c110386 --- /dev/null +++ b/sources/mx.pm/c3d/firstboot/scripts/20_setuppostfix.sh 
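Review bot: `CONNECTION_UUID` in 01_setupnetworking.sh is handed to `nmcli connection delete uuid` without checking that the preceding `grep ":${CONNECTION_DEVICE}$"` matched anything, so when no profile is bound to eth0 the delete runs with an empty UUID and the script still goes on to add the new profile. A guard before the delete, `[ -n "$CONNECTION_UUID" ] || { echo "no connection on $CONNECTION_DEVICE" >&2; exit 1; }`, makes that failure explicit. The `echo $CONNECTION_LINE | cut` expansion should be quoted as well. Neither `nmcli connection add` nor `hostnamectl hostname` has its exit status checked, so a failed first-boot network setup is reported as success.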
@@ -0,0 +1,93 @@ +#!/bin/sh +set -x + + +groupadd --gid 249 \ + --system \ + spamd +useradd --comment "Spamassassin User" \ + --create-home \ + --gid 249 \ + --system \ + --uid 249 \ + spamd + +LANG=C /usr/bin/sa-update + +groupadd --gid 250 \ + --system \ + vmail +useradd --comment "Virtual Mail User" \ + --home-dir /var/vmail \ + --gid 250 \ + --no-create-home \ + --system \ + --uid 250 \ + vmail + +#sasldblistusers2 +#saslpasswd2 -c -u almabarat.hu almabarat (AppleFriend@) + +sed --in-place=.orig \ + --expression='/^smtp \+inet \+n/a\ + -o content_filter=spamassassin\ +spamassassin unix - n n - - pipe\ + user=spamd argv=/usr/bin/spamc -f -e\ + /usr/sbin/sendmail -oi -f ${sender} ${recipient}\ +policyd-spf unix - n n - 0 spawn\ + user=policyd-spf argv=/usr/libexec/postfix/policyd-spf' \ + --expression='s/^#\(submission \+inet \+n\)/\1/' \ + /etc/postfix/master.cf + +echo "root: siteadmin@useribm.hu" >>/etc/aliases +postalias /etc/aliases + +postmap /etc/postfix/vmail_aliases +postmap /etc/postfix/vmail_maildirs + +# change existing parameters +postconf inet_interfaces=all +postconf smtpd_tls_cert_file=/etc/letsencrypt/live/useribm/fullchain.pem +postconf smtpd_tls_key_file=/etc/letsencrypt/live/useribm/privkey.pem + +# add new parameters +echo >>/etc/postfix/main.cf +postconf mydomain=useribm.hu +postconf myhostname=mx.useribm.hu +postconf mynetworks="127.0.0.0/8, 192.168.173.0/24, 10.228.0.0/16" +postconf myorigin='$mydomain' + +echo >>/etc/postfix/main.cf +postconf mailbox_size_limit=0 +postconf virtual_mailbox_limit=0 +postconf message_size_limit=67108864 + +echo >>/etc/postfix/main.cf +postconf virtual_mailbox_base=/var/vmail +postconf virtual_minimum_uid=250 +postconf virtual_uid_maps=static:250 +postconf virtual_gid_maps=static:250 + +echo >>/etc/postfix/main.cf +postconf virtual_mailbox_domains="almabarat.hu, useribm.hu" +postconf virtual_mailbox_maps=hash:/etc/postfix/vmail_maildirs +postconf virtual_alias_maps=hash:/etc/postfix/vmail_aliases + +echo 
>>/etc/postfix/main.cf +postconf smtpd_sasl_path=smtpd +postconf smtpd_sasl_auth_enable=yes + +echo >>/etc/postfix/main.cf +postconf policyd-spf_time_limit=3600 +postconf smtpd_recipient_restrictions="permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service unix:private/policyd-spf" +postconf smtpd_relay_restrictions="permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination" + +echo >>/etc/postfix/main.cf +postconf default_destination_concurrency_failed_cohort_limit=10 +postconf default_destination_rate_delay=15s +postconf default_destination_recipient_limit=20 + +echo >>/etc/postfix/main.cf +postconf smtpd_milters=inet:127.0.0.1:8891,inet:127.0.0.1:8893 +postconf non_smtpd_milters='$smtpd_milters' +postconf milter_default_action=accept diff --git a/sources/mx.pm/c3d/firstboot/scripts/30_setupdovecot.sh b/sources/mx.pm/c3d/firstboot/scripts/30_setupdovecot.sh new file mode 100755 index 0000000..3a4b470 --- /dev/null +++ b/sources/mx.pm/c3d/firstboot/scripts/30_setupdovecot.sh @@ -0,0 +1,6 @@ +#!/bin/sh + + +exit 0 +doveadm pw -l +doveadm pw -s SHA512-CRYPT >>/etc/dovecot/passwd diff --git a/sources/mx.pm/c3d/firstboot/scripts/40_setupspf.sh b/sources/mx.pm/c3d/firstboot/scripts/40_setupspf.sh new file mode 100755 index 0000000..01a852e --- /dev/null +++ b/sources/mx.pm/c3d/firstboot/scripts/40_setupspf.sh @@ -0,0 +1,10 @@ +#!/bin/sh +set -x + + +useradd --comment "SPF User" \ + --no-create-home \ + --shell /bin/false \ + --system \ + --user-group \ + policyd-spf diff --git a/sources/mx.pm/c3d/firstboot/scripts/50_setupopendkim.sh b/sources/mx.pm/c3d/firstboot/scripts/50_setupopendkim.sh new file mode 100755 index 0000000..60140ef --- /dev/null +++ b/sources/mx.pm/c3d/firstboot/scripts/50_setupopendkim.sh 
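Review bot: 20_setuppostfix.sh turns on `smtpd_sasl_auth_enable=yes` but nothing in the script restricts AUTH to encrypted sessions, so unless the packaged main.cf already does, credentials can be offered over a cleartext SMTP session; add `postconf smtpd_tls_auth_only=yes` beside the SASL settings and set `smtpd_tls_security_level` explicitly. `milter_default_action=accept` makes OpenDKIM and OpenDMARC fail open: when either milter is unreachable, mail passes unsigned and unchecked, whereas the Postfix default `tempfail` defers it. The commented `saslpasswd2` line ends in a parenthesised string that reads like a credential; if it is one, it should be removed from the repository and changed.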
@@ -0,0 +1,36 @@
+#!/bin/sh
+set -x
+
+
+sed --in-place=.orig \
+ --expression='s/^Mode[ ]*v/Mode sv/' \
+ --expression='s/^#Socket[ ]*inet:/Socket inet:/' \
+ --expression='s/^Socket[ ]*local:/#Socket local:/' \
+ --expression='s/^KeyFile /# KeyFile /' \
+ --expression='s/^# KeyTable /KeyTable /' \
+ --expression='s/^# SigningTable /SigningTable /' \
+ --expression='s/^# ExternalIgnoreList /ExternalIgnoreList /' \
+ --expression='s/^# InternalHosts /InternalHosts /' \
+ /etc/opendkim.conf
+
+exit 0
+
+mkdir /etc/opendkim/keys/almabarat.hu
+opendkim-genkey \
+ --append-domain \
+ --bits=4096 \
+ --directory=/etc/opendkim/keys/almabarat.hu \
+ --domain=almabarat.hu \
+ --restrict \
+ --selector=default \
+ --verbose
+
+mkdir /etc/opendkim/keys/useribm.hu
+opendkim-genkey \
+ --append-domain \
+ --bits=4096 \
+ --directory=/etc/opendkim/keys/useribm.hu \
+ --domain=kolafirearms.com \
+ --restrict \
+ --selector=default \
+ --verbose
diff --git a/sources/mx.pm/c3d/firstboot/scripts/60_setupopendmarc.sh b/sources/mx.pm/c3d/firstboot/scripts/60_setupopendmarc.sh
new file mode 100755
index 0000000..6235ad3
--- /dev/null
+++ b/sources/mx.pm/c3d/firstboot/scripts/60_setupopendmarc.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+set -x
+
+
+sed --in-place=.orig \
+ --expression='s/^# AuthservID name$/AuthservID OpenDMARC/' \
+ --expression='s/^# FailureReports false$/FailureReports true/' \
+ --expression='s/^# FailureReportsOnNone false$/FailureReportsOnNone true/' \
+ --expression='s/^# FailureReportsSentBy USER@HOSTNAME$/FailureReportsSentBy postmaster@useribm.hu/' \
+ --expression='s/^# HistoryFile /HistoryFile /' \
+ --expression='s/^# IgnoreAuthenticatedClients false$/IgnoreAuthenticatedClients true/' \
+ --expression='s/^# IgnoreHosts /IgnoreHosts /' \
+ --expression='s/^# RequiredHeaders false$/RequiredHeaders true/' \
+ --expression='s/^Socket .*$/Socket inet:8893@localhost/' \
+ /etc/opendmarc.conf
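Review bot: In 50_setupopendkim.sh the second `opendkim-genkey` call writes into `/etc/opendkim/keys/useribm.hu` but passes `--domain=kolafirearms.com`, so the generated record would name the wrong domain; the line should read `--domain=useribm.hu \`. Both genkey blocks sit after `exit 0` and never run as committed, which is why the mismatch goes unnoticed. A one-line comment above `exit 0` saying that key generation is disabled because the keys are shipped as install data would make the intent clear to the next maintainer.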
diff --git a/sources/mx.pm/c3d/firstboot/scripts/90_setupservices.sh b/sources/mx.pm/c3d/firstboot/scripts/90_setupservices.sh
new file mode 100755
index 0000000..272b915
--- /dev/null
+++ b/sources/mx.pm/c3d/firstboot/scripts/90_setupservices.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+
+systemctl enable crond.service
+systemctl start crond.service
+systemctl enable dovecot.service
+systemctl start dovecot.service
+systemctl enable opendkim.service
+systemctl start opendkim.service
+systemctl enable opendmarc.service
+systemctl start opendmarc.service
+systemctl enable postfix.service
+systemctl start postfix.service
+systemctl enable spamassassin.service
+systemctl start spamassassin.service
+systemctl enable NetworkManager-wait-online.service
+systemctl start NetworkManager-wait-online.service
+
+systemctl enable logrotate.timer
+systemctl start logrotate.timer
diff --git a/sources/mx.pm/c3d/mode.txt b/sources/mx.pm/c3d/mode.txt
new file mode 100644
index 0000000..36728da
--- /dev/null
+++ b/sources/mx.pm/c3d/mode.txt
@@ -0,0 +1,9 @@
+# mode file (relative to /c3d)
+755 firstboot/scripts/*.sh
+640 postinstall/install-data/etc/opendkim/KeyTable
+640 postinstall/install-data/etc/opendkim/SigningTable
+640 postinstall/install-data/etc/opendkim/TrustedHosts
+600 postinstall/install-data/etc/opendkim/keys/almabarat.hu/default.private
+600 postinstall/install-data/etc/opendkim/keys/useribm.hu/default.private
+755 postinstall/install-data/usr/local/bin/*.sh
+755 postinstall/scripts/*.sh
diff --git a/sources/mx.pm/c3d/owner.txt b/sources/mx.pm/c3d/owner.txt
new file mode 100644
index 0000000..94fb89e
--- /dev/null
+++ b/sources/mx.pm/c3d/owner.txt
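Review bot: mode.txt lists the OpenDKIM tables and keys but has no entry for `postinstall/install-data/etc/dovecot/passwd` or `postinstall/install-data/etc/sasl2/sasldb2`, both added by this commit and both holding authentication secrets; owner.txt omits them too. What mode and owner unlisted files receive is not visible in this diff, so the restriction should be explicit, for example `640 postinstall/install-data/etc/dovecot/passwd` and `640 postinstall/install-data/etc/sasl2/sasldb2`. Matching owner.txt lines are needed so that only root and the service account that must read each file can do so.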
@@ -0,0 +1,8 @@
+# owner file (relative to /c3d)
+opendkim:opendkim postinstall/install-data/etc/opendkim/KeyTable
+opendkim:opendkim postinstall/install-data/etc/opendkim/SigningTable
+opendkim:opendkim postinstall/install-data/etc/opendkim/TrustedHosts
+opendkim:opendkim postinstall/install-data/etc/opendkim/keys/almabarat.hu
+opendkim:opendkim postinstall/install-data/etc/opendkim/keys/almabarat.hu/default.private
+opendkim:opendkim postinstall/install-data/etc/opendkim/keys/useribm.hu
+opendkim:opendkim postinstall/install-data/etc/opendkim/keys/useribm.hu/default.private
diff --git a/sources/mx.pm/c3d/postinstall/install-data/etc/dovecot/conf.d/10-ssl.conf b/sources/mx.pm/c3d/postinstall/install-data/etc/dovecot/conf.d/10-ssl.conf
new file mode 100644
index 0000000..f11520e
--- /dev/null
+++ b/sources/mx.pm/c3d/postinstall/install-data/etc/dovecot/conf.d/10-ssl.conf
@@ -0,0 +1,82 @@ +## +## SSL settings +## + +# SSL/TLS support: yes, no, required. +# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps +# plain imap and pop3 are still allowed for local connections +ssl = required + +# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before +# dropping root privileges, so keep the key file unreadable by anyone but +# root. Included doc/mkcert.sh can be used to easily generate self-signed +# certificate, just make sure to update the domains in dovecot-openssl.cnf +ssl_cert = to select which instance is used (an alternative +# to -c ). The instance name is also added to Dovecot processes +# in ps output. +#instance_name = dovecot + +# Greeting message for clients. +#login_greeting = Dovecot ready. + +# Space separated list of trusted network ranges. Connections from these +# IPs are allowed to override their IP addresses and ports (for logging and +# for authentication checks). disable_plaintext_auth is also ignored for +# these networks. Typically you'd specify your IMAP proxy servers here. +#login_trusted_networks = + +# Space separated list of login access check sockets (e.g. tcpwrap) +#login_access_sockets = + +# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do +# proxying. This isn't necessary normally, but may be useful if the destination +# IP is e.g. a load balancer's IP. +#auth_proxy_self = + +# Show more verbose process titles (in ps). Currently shows user name and +# IP address. Useful for seeing who are actually using the IMAP processes +# (eg. shared mailboxes or if same uid is used for multiple accounts). +#verbose_proctitle = no + +# Should all processes be killed when Dovecot master process shuts down. +# Setting this to "no" means that Dovecot can be upgraded without +# forcing existing client connections to close (although that could also be +# a problem if the upgrade is e.g. because of a security fix). 
+#shutdown_clients = yes + +# If non-zero, run mail commands via this many connections to doveadm server, +# instead of running them directly in the same process. +#doveadm_worker_count = 0 +# UNIX socket or host:port used for connecting to doveadm server +#doveadm_socket_path = doveadm-server + +# Space separated list of environment variables that are preserved on Dovecot +# startup and passed down to all of its child processes. You can also give +# key=value pairs to always set specific settings. +#import_environment = TZ + +## +## Dictionary server settings +## + +# Dictionary can be used to store key=value lists. This is used by several +# plugins. The dictionary can be accessed either directly or though a +# dictionary server. The following dict block maps dictionary names to URIs +# when the server is used. These can then be referenced using URIs in format +# "proxy::". + +dict { + #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext + #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext +} + +# Most of the actual configuration gets included below. The filenames are +# first sorted by their ASCII value and parsed in that order. The 00-prefixes +# in filenames are intended to make it easier to understand the ordering. +#!include conf.d/*.conf +!include conf.d/10-ssl.conf + +# A config file can also tried to be included without giving an error if +# it's not found: +#!include_try local.conf + +namespace { + inbox = yes + separator = / +} + +first_valid_uid = 200 +mail_home = /var/vmail/%n +mail_location = maildir:~/mail + +passdb { + driver = passwd-file + args = /etc/dovecot/passwd +} + +userdb { + driver = static + args = uid=250 gid=250 +} diff --git a/sources/mx.pm/c3d/postinstall/install-data/etc/dovecot/passwd b/sources/mx.pm/c3d/postinstall/install-data/etc/dovecot/passwd new file mode 100644 index 0000000..a2127de --- /dev/null +++ b/sources/mx.pm/c3d/postinstall/install-data/etc/dovecot/passwd 
@@ -0,0 +1 @@ +almabarat:{SHA512-CRYPT}$6$vrvXVuoNX5BcOobV$x8d9HIf53cS5Wfue.CkSR4MEOPpxGj6Q8oDvKCSZvjga2gswYCcViyWxQ.ArAlv9iOWR0oFCmCMuNztowLdFU/ diff --git a/sources/mx.pm/c3d/postinstall/install-data/etc/mail/spamassassin/local.cf b/sources/mx.pm/c3d/postinstall/install-data/etc/mail/spamassassin/local.cf new file mode 100644 index 0000000..7969693 --- /dev/null +++ b/sources/mx.pm/c3d/postinstall/install-data/etc/mail/spamassassin/local.cf @@ -0,0 +1,10 @@ +# These values can be overridden by editing ~/.spamassassin/user_prefs.cf +# (see spamassassin(1) for details) + +# These should be safe assumptions and allow for simple visual sifting +# without risking lost emails. + +dns_server 192.168.173.223 +required_hits 5 +report_safe 0 +rewrite_header Subject [SPAM](_SCORE_) diff --git a/sources/mx.pm/c3d/postinstall/install-data/etc/opendkim/KeyTable b/sources/mx.pm/c3d/postinstall/install-data/etc/opendkim/KeyTable new file mode 100644 index 0000000..2700877 --- /dev/null +++ b/sources/mx.pm/c3d/postinstall/install-data/etc/opendkim/KeyTable @@ -0,0 +1,6 @@ +# OPENDKIM KEY TABLE +# To use this file, uncomment the #KeyTable option in /etc/opendkim.conf, +# then uncomment the following line and replace example.com with your domain +# name, then restart OpenDKIM. Additional keys may be added on separate lines. + +default._domainkey.almabarat.hu almabarat.hu:default:/etc/opendkim/keys/almabarat.hu/default.private diff --git a/sources/mx.pm/c3d/postinstall/install-data/etc/opendkim/SigningTable b/sources/mx.pm/c3d/postinstall/install-data/etc/opendkim/SigningTable new file mode 100644 index 0000000..5678115 --- /dev/null +++ b/sources/mx.pm/c3d/postinstall/install-data/etc/opendkim/SigningTable @@ -0,0 +1,25 @@ +# OPENDKIM SIGNING TABLE +# This table controls how to apply one or more signatures to outgoing messages based +# on the address found in the 
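Review bot: The dovecot `passwd` file committed here carries a live SHA512-CRYPT password hash for the `almabarat` mailbox, which exposes it to offline guessing by anyone who can read the repository or its web front end. The password should be changed and the file provisioned on the host at deploy time instead of shipped as install data. The disabled lines in 30_setupdovecot.sh would not do that as written: `doveadm pw -s SHA512-CRYPT >>/etc/dovecot/passwd` appends a bare hash with no `user:` prefix.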
From: header field. In simple terms, this tells +# OpenDKIM "how" to apply your keys. + +# To use this file, uncomment the SigningTable option in /etc/opendkim.conf, +# then uncomment one of the usage examples below and replace example.com with your +# domain name, then restart OpenDKIM. + +# WILDCARD EXAMPLE +# Enables signing for any address on the listed domain(s), but will work only if +# "refile:/etc/opendkim/SigningTable" is included in /etc/opendkim.conf. +# Create additional lines for additional domains. + +*@almabarat.hu default._domainkey.almabarat.hu + +# NON-WILDCARD EXAMPLE +# If "file:" (instead of "refile:") is specified in /etc/opendkim.conf, then +# wildcards will not work. Instead, full user@host is checked first, then simply host, +# then user@.domain (with all superdomains checked in sequence, so "foo.example.com" +# would first check "user@foo.example.com", then "user@.example.com", then "user@.com"), +# then .domain, then user@*, and finally *. See the opendkim.conf(5) man page under +# "SigningTable" for more details. + +#example.com default._domainkey.example.com diff --git a/sources/mx.pm/c3d/postinstall/install-data/etc/opendkim/TrustedHosts b/sources/mx.pm/c3d/postinstall/install-data/etc/opendkim/TrustedHosts new file mode 100644 index 0000000..79a94e4 --- /dev/null +++ b/sources/mx.pm/c3d/postinstall/install-data/etc/opendkim/TrustedHosts @@ -0,0 +1,10 @@ +# OPENDKIM TRUSTED HOSTS +# To use this file, uncomment the #ExternalIgnoreList and/or the #InternalHosts +# option in /etc/opendkim.conf then restart OpenDKIM. Additional hosts +# may be added on separate lines (IP addresses, hostnames, or CIDR ranges). +# The localhost IP (127.0.0.1) should always be the first entry in this file. +127.0.0.1 +::1 +mx.pm.useribm.hu +#host.example.com +#192.168.1.0/24 
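Review bot: SigningTable and KeyTable each carry only an almabarat.hu entry, although this commit also ships `keys/useribm.hu/default.private` and 20_setuppostfix.sh lists useribm.hu in `virtual_mailbox_domains`. If mail from useribm.hu addresses is meant to be signed, both tables need a line for it, e.g. `*@useribm.hu default._domainkey.useribm.hu` in SigningTable. The wildcard form depends on opendkim.conf referencing this file with `refile:`; 50_setupopendkim.sh only uncomments the packaged `SigningTable` line, so that is worth confirming against the packaged default.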
diff --git a/sources/mx.pm/c3d/postinstall/install-data/etc/opendkim/keys/almabarat.hu/default.private b/sources/mx.pm/c3d/postinstall/install-data/etc/opendkim/keys/almabarat.hu/default.private
new file mode 100644
index 0000000..f402992
--- /dev/null
+++ b/sources/mx.pm/c3d/postinstall/install-data/etc/opendkim/keys/almabarat.hu/default.private
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC2Pb8HPZ+o1Bif +ySkmj+pIk+Yq9/Jm61SgpsMaBa9mPumYv6rP/Nb+JCjHilCcNrV7nh5E5bLdE2zU +uYNXcmCrm+YzSgo56Mj/BBgq648H1DnKXqNroZw5Eb2e8TrGAl9Fu7LdTsAGalCX +vsj6wPhHrWhYI5nLUDLxE4O5TG+lJU6LYM9+1WpOlaUMfhpCKWrYv4sIphlkLQgB +lyzDAndhE+onRd+LmyWk/IZNlHHEsJ1L1rqVGcny9ovHzbMfai8lWBBpNbd7Vxiz +FIXnx17P126O/NfNeGpb5yWoirZb/e/qpUgZctZtsaFY7BdTKLydj21gaKHa9kA+ +baTa/62Zm45yIywI+DXNrki66ztHIcCtfqGafQOzqvgnwGdcgFAQMfujxXX++PH3 +F9fUbDEGhrAYHRpRE09O4DvKGL4N5FJIzuMW7QEwGTT+dQdFBvNawR1as+1HA1aP +bcuP9u7BORij4GJD12mSruUTNq2nxmWT/kqoPXIT27Gzv6Ig+PStFgw0hSt1WS8e +cwxS//9Qxy+vhxPt+peKTeN66G2oeCWMEsXcCBbCcLPorVaZUeAukuQ8LPmnqxDu +I662chYh1dNMP4Eb4hVVSsmjp4/F2nhW8CJFafHMhYvub5lC++U+FQc587supLh0 +ChF/LjKsPBtZ5Nw8AlHbrVHqmlCW9wIDAQABAoICADyAfFKNkVtt6qzljk1Ymwm0 +XEYooeesOiDJrF0PxR73RPsqqq05PjEKVSWF1GRAP3kGUftCnOKLZ+apniKifNiM +Pd0KOCHomA4d0F4zbP1G5la6m5uIgEJsEt1ZLc9+Cx4uBeA2HEck9ZOjSbsB5It7 +VPhp/U2D1x21Ala6uxgDLjPUlJ6BgLUNNknS9anAcVH7KU/aQPTChHVuuHQXdgWb +JHIcXu5MuC8xjO7lmO2ZSudaJwCIGsUYN+jB8DU+Pd+ygGRFaqA+lpshdaEwzdfH +qFM9OvHih8DyGMz/HDKnOAbZD3ovZ2PshGnum4HGtPPEIaZPpmh4t3RiV0hDeODE +tcZO+PQ7fSwE1tQ0if9p8u1M0/Y9jpJt62StWj1KujZ2KsbPTgtFKTcfkb10RcBZ +e9bzo7X4p1nLYMW6RYD3zQajejAWU0DOWcb4Y8NpZV/xEKgpTmNH06WSN1T/fAAd +vmqviLmk8CVkmNKgjNJecF+gfWpL83K1ie7rVU+skTHb7VC6v5AwxAsSCX0BNQj4 ++5vrRyZeXRf5zUjnv2aIu6EXKwMx/qpeBg1TXiCtyGo6XZjY97PLV/VcXpM3PBNc +Lv6Odmns+OJXJ2OFX58mdAZile4/GMoYuk/zNozyZhEksqQpsv76hYhkLV+1pU83 +m3RbU3+vvPnFlxO1ebANAoIBAQD7RI0YM63aPkYK3YLNI6lVXaOGG/81k7WCps2V +3/rc0+j7FlhunbRFXR9PaQ4fDIT/E3eOkIFxIPtaXVeC/WVaRxBz2szd8HSYRdRO +6pXWRnc+JRazErrx4/7i64+6cIqCnJMscbBLTCMOeNpalCW8CiKJ1aueuUfu6tfr +tfbci60VWDlML2TwCCx8SX9XWZMkOGmEtfdImSPOuRBbIJfQBA2r8sAxXmJZqUhN +01zqAmL5H1D6qh62aSiytnkgXZyJ44m0UznkL2/ijVvIj9kLBIcZXhnb7A97fCXO +1t702b7QKQQv52zjPYNTcVa/WMXOruvrsm6b9zInXkjTDuk1AoIBAQC5rGTfTZ9E +SMG4q4yzDFPR5rE767Gm6NMR/mgAB+N6Oiw77EESiGrC9ziw02LKLZaDANDf1YA1 
+VdNVvTUNyYPv9KLKk59Hvo0FRyK7+r3ZSRRD1PuB2CtcQ0owXyL0R2N61JCBopC3 +NexWjwwIVzLH/mh/JVzNn9bBdtmZ1K3qcPXq9RNBB3dUmZb1WTJO+9S1qUWEMuRs +JR5Usuxv5OESwL/aTSjgHfcR4I2E2M3XVL6AceCVMSnor7F7cTYUVveZz9p7cse+ +OOzuXacyVMUR0pnj578tYyofSefrZDUa5mRzeFLPtAEKEJ4JZY700bxvc4BcPzjo +zXIjv4E6GDD7AoIBAQCQoCJ+XbChv9pdAqb5IJ+k7SLkXFUHJ6AANbZ7n9IrLSYa +7/+ym79ZdYJCGPvxzyj2EORuAKsgzJUgrD1kvimKTwEfTj9BN9hElVzgl5HrJeAY +uwxXwl4sQMlDH8c4zvJKv4jOuhl5HbfH6rP0EvWtSEAdCgmgcJEA6deiarhOtW7I +rGE+gsEcj/fbCgrr4jkZTgceRgaxmMPNhyPs79Ox/cNIx47sW6FMbm2ZriD66KjD +L81SmnzXDaxJQVJy2K7zhy6JxqW5u7wwsKC1zmZlOxPv/APyW+uFbi3s4iyuzm5Q +LmukjxZTreJbMw91T8l7b5+HqMqVpzENC+3q3dhJAoIBAQCDuPf/K7RX3z3/40R4 +KcC1YvJNzlJEVVyYoWHq063gIrEK+frYSQtksbr4R58IS/tBiSyl/3NrYy4A37Bp +zZLagzWSfdQ8M8Ub/3F25tYU9rF3xfuADHoGhH53fqbvok3C8FZsgYYlVA4NAoLI +0APoumYr/beu8TyMF+McLTQM5IKyY5d7RO61iBj+in8UZbhsAGCe/vPqfRLdh+oR +H9FFWpVBLAhZpyiG+EWt/5lYsHhN63wmm7BdsXc6WgDBwUj7R+h6N93Y582+9ZYO +MPF2SXB/rQOGEZnqhKYR6w95vAV7ndsyG0O5fjx/8hrPOJR0hP6FcxzOnCHjlpL5 +QfxNAoIBAFvk2XODLZ8vupTOVui0g6ZwIFjIL9GBF+Pmld1L02ypJ+lyBfHs913m +Y03gChJ3SgbqwLax6clIcp66KfGZNx934ZtNPufjHMoCqINbf2pIUGhLFvodD7yx +YenxIRcrgjLRKkuHXw2wCRYwCxXBVFN4PyCjOTbzvL7Fm8l97b+oYbbrXnZsyo9C +7bmNtdN6duRCnGLEZjsXcXzlqZwpJemuID5cTYWq+8eA0no0Mhb/k5rK4arZX/nW +OYr3GmgeO69AxO7jGhwhGsNcgu8xWOV2ZVtwyNKvSU6PWpRQa/eIqkJETazgZdb1 +AlkCM0u2+9PyYoGFlT7YKNFycNarOoc= +-----END PRIVATE KEY----- diff --git a/sources/mx.pm/c3d/postinstall/install-data/etc/opendkim/keys/almabarat.hu/default.txt b/sources/mx.pm/c3d/postinstall/install-data/etc/opendkim/keys/almabarat.hu/default.txt new file mode 100644 index 0000000..715279d --- /dev/null +++ b/sources/mx.pm/c3d/postinstall/install-data/etc/opendkim/keys/almabarat.hu/default.txt 
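Review bot: The complete RSA private key for the almabarat.hu DKIM selector is committed in clear, and the same holds for `keys/useribm.hu/default.private` later in this commit. Anyone with read access to the repository or its web view can produce valid DKIM signatures for these domains, so both keys should be treated as exposed: generate replacements on the host (50_setupopendkim.sh already contains `opendkim-genkey` calls behind its `exit 0`), publish the new TXT records, and retire the current selector. The 600 entries in mode.txt protect only the installed copy, not the copy in version control and its history.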
@@ -0,0 +1,4 @@ +default._domainkey.almabarat.hu. IN TXT ( "v=DKIM1; k=rsa; s=email; " + "p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtj2/Bz2fqNQYn8kpJo/qSJPmKvfyZutUoKbDGgWvZj7pmL+qz/zW/iQox4pQnDa1e54eROWy3RNs1LmDV3Jgq5vmM0oKOejI/wQYKuuPB9Q5yl6ja6GcORG9nvE6xgJfRbuy3U7ABmpQl77I+sD4R61oWCOZy1Ay8RODuUxvpSVOi2DPftVqTpWlDH4aQilq2L+LCKYZZC0IAZ" + "cswwJ3YRPqJ0Xfi5slpPyGTZRxxLCdS9a6lRnJ8vaLx82zH2ovJVgQaTW3e1cYsxSF58dez9dujvzXzXhqW+clqIq2W/3v6qVIGXLWbbGhWOwXUyi8nY9tYGih2vZAPm2k2v+tmZuOciMsCPg1za5Iuus7RyHArX6hmn0Ds6r4J8BnXIBQEDH7o8V1/vjx9xfX1GwxBoawGB0aURNPTuA7yhi+DeRSSM7jFu0BMBk0/nUHRQbzWsEdWrPt" + "RwNWj23Lj/buwTkYo+BiQ9dpkq7lEzatp8Zlk/5KqD1yE9uxs7+iIPj0rRYMNIUrdVkvHnMMUv//UMcvr4cT7fqXik3jeuhtqHgljBLF3AgWwnCz6K1WmVHgLpLkPCz5p6sQ7iOutnIWIdXTTD+BG+IVVUrJo6ePxdp4VvAiRWnxzIWL7m+ZQvvlPhUHOfO7LqS4dAoRfy4yrDwbWeTcPAJR261R6ppQlvcCAwEAAQ==" ) ; ----- DKIM key default for almabarat.hu diff --git a/sources/mx.pm/c3d/postinstall/install-data/etc/opendkim/keys/useribm.hu/default.private b/sources/mx.pm/c3d/postinstall/install-data/etc/opendkim/keys/useribm.hu/default.private new file mode 100644 index 0000000..be872e6 --- /dev/null +++ b/sources/mx.pm/c3d/postinstall/install-data/etc/opendkim/keys/useribm.hu/default.private 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDDAoNx47MRmWYG +W1NNj8E2iZ6mlonq/qrcrAHxOR4AkIQ26rLOAwc2N+crLFou7mFnL97EpTZ36o2v +mG/891DHDQt1Z8k/7qBSTAggfChw0EhoFQzegayejXsCu1t9uuvlIhfqmtsGm2KV +DF3x0nBQBm+0n1VEwGLSMs5al2h9S2GrfaYREZ/YnInQMqymWXx2zd1TuiT0/Awo +MDPNPoBpm9p3rzCSvydUrgLWIOjC3HdjoDOsqCX+QxZJajJDGQHWTgWiuEVB7CyE +Dy6biAi/CIG/sOuJ5rcgfwfRjink4WWb2ldIRKXkYt7nPIuUqEq2LlS/G2qK7NlL +GHyABjUVAZdXEMilVCPz/b4amXUivAiVKOsvL3YX3IMIYaR4HenKe0C4C2lI2imq +FgY9TpKEk9JIyjpjOJQhTrT1HtVgxea9el4gzFVX0DNxxiSHG8by1gw9qZscPoVn +M0m3i+r7MW/kMb1LzMbRPBhJWmuDCx3ua41CBEWZwK6Nb8X2sm8vHCjM8aFk4f52 +uI25y1hd8aqRLFjtgYWoTdpb9Ab7AUpSCqvx+eRtS0985wTvrbHHg/VkWdSXRq7t +NgTG92o0jgUqKMmMpf8y/1i0ksGfDC1ApVa7rX9Vt1qUsxBKLEyDb3s8rm7ZJw5m +57UeWK+5CuN4GUIeyPKhWrY/PG4uyQIDAQABAoICAAVEKZw8lnGOD3PHfpc/H8F4 +c54zEt6+PuCpDSpgV6o954bQzWsD05Yyv0hABorIPugkTPie2jrgd4VmRqFHD9mN +mswdCpHH63DILdtWua7bk8D/zzJTv9TOTvlIFFSaZNQcw2w/VKqNLVsyE3gRg0fz +TIv3q5FTkreeI0rOAPE1RRog/AhE+L3xnZp6QTBYL/oeCBvtOyHvNpLVQ74yBxIT +C+d52y7Iq71n2kVsa8IWEGv9KmK/bbs765D9pbArL4yuhwzEZiu9aYcCyUhDowd+ +/tCtl0bI7L7GFMYjd90ppcP7iv+KybdtC3D6MRjJd1m2eZe+8UshfKLAXV2wYo7h +Cdvo3vphk06ig9LUnAxXUtlgIF+cHOWk+1qN8mYd/EbtsErKDJyvxAuzCgbwp3z2 +wSFCFQADB4q68QXcHq3l5fXsdqYL589XhexdIQDE1BSgKQZ+T5DcVfrvTwkzc9hv +GTaZkTt42+EYPD+iVbURg6PQ31FLdZ8yehdYet6msVhfcqx1HL3eELItp7pDsA+V +gOq7QuZi+75I2DfXu5s2p7WKW6bJXVLaGZNcWSlYDE4Y7zFpr3z640bLlnSaEtj8 +g7MXX/MdQ9GsSi6qBkzrlNSKLwO9YTJz7rVCjBQEGSbUEQuaUf7VC03SKl9JhfVf +VNhJuGZ2z64mFYPGomHJAoIBAQD239ZmDGfGFW4cUfaGYpZ76lbECf0dJxEs3V8I +KsRInkeFO2pl86BPV3qHVUGW4DpFM2+DGMe9DUvyEtpuB29plBrQskU+nM3JhUiE +V0S1dDH3IQvMUP34HFs5k91KAgw7v4731d1W4kKPwkKdZ8/BKhW1z4jsEAsQ+ieO +ar4wNzVlusIkovN0DLEtZP2DXNyiS1Z4mosL3YDaxDE10yXZAIoRND6G/gffqIG5 +hm6jkK2MNfzweb11lEKBVOmL4PxAHL8j0tPNBhjW/PFsvjZFSzAcMBLwKyXU/Yzz +Cyb/WKBXEGZefq5QpLuS4kqc4pXMJRptHmD7sbiOVO0+ga69AoIBAQDKN+I+8Rip +j343Rqz98pBkNDmsJ4H9mWKmiN8jexdqMxpWov7DwND26R4Ez4G0yjAjpZ8G602c 
+O60atc4OPYjwVzGDFqdHu5bTzHsejSv0pylFSEz8Ng9Xq54Gx+6U+nnmk3isFBLD +/85G46dtrLvQqRbC7s5p+HhGplIT2uBWcIXO9vzfk4c6CAMQXjGmXYk7b0yczFh+ +8ZJUnTD+dPrAcXt+u0EH/YhKlkGPJr+LchtCUbAKpmFqqEwgb7X/7SlzJssmd7Mz +DJcXn9+Q0NCsl/Cdd0lWIf6vi43x7CDodmSSDyGGEeVmzGLFf86QyB0/oNc8//aF +Ub4KjfCZZVb9AoIBAD4B+OsG4KXbSh3o5F/asWuMb6Cr1ZyV7HV1YOI/Q6/tuY8Y +XmAfMjvbgBYv7tqDlX8+LRsjhT/R8CpsW9rZGT3OinGy5TuVzQZ56L384XAmMEqf +TURTb4b7MFqk7ichnor/UVykpgSlrgxHwc2hfohJFszkxMJuQSlRe9AEtaKMq2fS +4eKr3zRd377EJ/zvvScyfxSp1JT1XOEV+DpJv67iuMsbcT0c30NpIrRDtNR2iXC3 +OsH4AgNfatjrSAHvT8yWq9fGo5ZSmridLdKfcCg1e28JECis3cLCsL13JqNqUlOr +9dp0PTpaNhbtqcoAC5oME7gmsjtl5zIw2Kojjo0CggEAFMmT32aHY37VubbxN5XE +1BguSY0yJrCq3HW7gnk32fnw3jEZQWRD1u314Qa3za7vLerroxlzO/lCfTltOjeH +KTW9aD1e6tfU1GbzzRs0Bo1ch7u79j1UbG2+6/GHjBcHivVj9USG/VEBknX6kyKr +l/KZ3WYRIAGj05drXpEkeJ5Okwz+x7jxsLx8HCWisvhwkASL+p5jBoGsyjfyfmXm +FPxVdpynPbwJU6mIib+w9xO+y518HEwoPX+Ze8ggDHQDy8uUHJs3d6r2qT4NDGT6 +3pMr7/QAPPN3q/ILoG/mnh71jbIyfwa970hZavYNdQKtRwowthuV6vSRNaKLtikd +vQKCAQEAhqBv7x6EJcNA21GFV8BRVX4cs5lfL1T1DR7EHaqcgqYHvpe9VhD7xJ8G +yntIWWjwGRCDxXD1Bn7J3d3qCVpwiingCm2NVF126qmHSsTS2CKYUhKwS24jGJNl +aMRDizcXv0VGkzi607ETQX06gT5qcT5Hw9jjdBQOik5AWFBkDA1lXlt8mzK5Uts3 +6H88jzp0Y6c/MyuyeIpTtAo3/dzuhp/LlYAftWex8PrPtyay7Pg246IQEcJz/EoI +I6X/KxQFI5T3nqGplOAmSfDG/qo2ZgAMwZm3YKXEzXSqE4OR+n4WYEIKJnSGbLBV +lWSGslSl1ByAno+TfZuRiqCYxVv3ZA== +-----END PRIVATE KEY----- diff --git a/sources/mx.pm/c3d/postinstall/install-data/etc/opendkim/keys/useribm.hu/default.txt b/sources/mx.pm/c3d/postinstall/install-data/etc/opendkim/keys/useribm.hu/default.txt new file mode 100644 index 0000000..0410dcb --- /dev/null +++ b/sources/mx.pm/c3d/postinstall/install-data/etc/opendkim/keys/useribm.hu/default.txt 
@@ -0,0 +1,4 @@ +default._domainkey.useribm.hu. IN TXT ( "v=DKIM1; k=rsa; s=email; " + "p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwwKDceOzEZlmBltTTY/BNomeppaJ6v6q3KwB8TkeAJCENuqyzgMHNjfnKyxaLu5hZy/exKU2d+qNr5hv/PdQxw0LdWfJP+6gUkwIIHwocNBIaBUM3oGsno17Artbfbrr5SIX6prbBptilQxd8dJwUAZvtJ9VRMBi0jLOWpdofUthq32mERGf2JyJ0DKspll8ds3dU7ok9PwMKD" + "AzzT6AaZvad68wkr8nVK4C1iDowtx3Y6AzrKgl/kMWSWoyQxkB1k4ForhFQewshA8um4gIvwiBv7Driea3IH8H0Y4p5OFlm9pXSESl5GLe5zyLlKhKti5UvxtqiuzZSxh8gAY1FQGXVxDIpVQj8/2+Gpl1IrwIlSjrLy92F9yDCGGkeB3pyntAuAtpSNopqhYGPU6ShJPSSMo6YziUIU609R7VYMXmvXpeIMxVV9AzccYkhxvG8tYMPamb" + "HD6FZzNJt4vq+zFv5DG9S8zG0TwYSVprgwsd7muNQgRFmcCujW/F9rJvLxwozPGhZOH+driNuctYXfGqkSxY7YGFqE3aW/QG+wFKUgqr8fnkbUtPfOcE762xx4P1ZFnUl0au7TYExvdqNI4FKijJjKX/Mv9YtJLBnwwtQKVWu61/VbdalLMQSixMg297PK5u2ScOZue1HlivuQrjeBlCHsjyoVq2PzxuLskCAwEAAQ==" ) ; ----- DKIM key default for useribm.hu diff --git a/sources/mx.pm/c3d/postinstall/install-data/etc/opendmarc/ignore.hosts b/sources/mx.pm/c3d/postinstall/install-data/etc/opendmarc/ignore.hosts new file mode 100644 index 0000000..42608fa --- /dev/null +++ b/sources/mx.pm/c3d/postinstall/install-data/etc/opendmarc/ignore.hosts @@ -0,0 +1,6 @@ +10.162.0.0/16 +127.0.0.1 +192.168.173.99 +192.168.173.249 +hs.pm.qqcs.org +ws.pm.qqcs.org diff --git a/sources/mx.pm/c3d/postinstall/install-data/etc/postfix/vmail_aliases b/sources/mx.pm/c3d/postinstall/install-data/etc/postfix/vmail_aliases new file mode 100644 index 0000000..92a16ba --- /dev/null +++ b/sources/mx.pm/c3d/postinstall/install-data/etc/postfix/vmail_aliases @@ -0,0 +1,2 @@ +almabarat@almabarat.hu beszerzes@userrendszerhaz.hu +postmaster@almabarat.hu beszerzes@userrendszerhaz.hu diff --git a/sources/mx.pm/c3d/postinstall/install-data/etc/postfix/vmail_maildirs b/sources/mx.pm/c3d/postinstall/install-data/etc/postfix/vmail_maildirs new file mode 100644 index 0000000..759beea --- /dev/null +++ b/sources/mx.pm/c3d/postinstall/install-data/etc/postfix/vmail_maildirs 
@@ -0,0 +1 @@
+almabarat@almabarat.hu almabarat/mail/
diff --git a/sources/mx.pm/c3d/postinstall/install-data/etc/rsyslog.d/remote.conf b/sources/mx.pm/c3d/postinstall/install-data/etc/rsyslog.d/remote.conf
new file mode 100644
index 0000000..953fa5a
--- /dev/null
+++ b/sources/mx.pm/c3d/postinstall/install-data/etc/rsyslog.d/remote.conf
@@ -0,0 +1,5 @@
+module(load="omrelp")
+
+if $syslogfacility-text == "mail" then {
+ action(type="omrelp" target="log.in.useribm.hu" port="2514")
+}
diff --git a/sources/mx.pm/c3d/postinstall/install-data/etc/sasl2/sasldb2 b/sources/mx.pm/c3d/postinstall/install-data/etc/sasl2/sasldb2
new file mode 100644
index 0000000..c6d846f
Binary files /dev/null and b/sources/mx.pm/c3d/postinstall/install-data/etc/sasl2/sasldb2 differ
diff --git a/sources/mx.pm/c3d/postinstall/install-data/etc/sasl2/smtpd.conf b/sources/mx.pm/c3d/postinstall/install-data/etc/sasl2/smtpd.conf
new file mode 100644
index 0000000..0eb887e
--- /dev/null
+++ b/sources/mx.pm/c3d/postinstall/install-data/etc/sasl2/smtpd.conf
@@ -0,0 +1,3 @@
+pwcheck_method: auxprop
+auxprop_plugin: sasldb
+mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
diff --git a/sources/mx.pm/c3d/postinstall/install-data/usr/local/bin/getletsencrypt.sh b/sources/mx.pm/c3d/postinstall/install-data/usr/local/bin/getletsencrypt.sh
new file mode 100755
index 0000000..8755be6
--- /dev/null
+++ b/sources/mx.pm/c3d/postinstall/install-data/usr/local/bin/getletsencrypt.sh
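Review bot: The omrelp action in rsyslog.d/remote.conf forwards every mail-facility log line to log.in.useribm.hu:2514 without TLS, so sender and recipient addresses and client IPs cross the network in clear and the receiver is not authenticated. If that path is not a fully trusted segment, enable encryption on the action with `tls="on"` and pin the receiver with `tls.cacert` and `tls.permittedpeer`. A short comment above the action naming the log host's role would also help whoever audits where mail metadata is sent.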
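Review bot: `mech_list` in sasl2/smtpd.conf offers CRAM-MD5, DIGEST-MD5 and NTLM, legacy challenge-response mechanisms that require the server to keep plaintext-equivalent secrets in sasldb. Once AUTH is restricted to TLS sessions, `mech_list: PLAIN LOGIN` is sufficient and does not tie the deployment to a reversible password store. The binary `etc/sasl2/sasldb2` added just above this file presumably contains those secrets, so it should be created on the host with `saslpasswd2` rather than shipped from the repository, and the accounts in the committed copy given new passwords.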
@@ -0,0 +1,88 @@
+#!/bin/sh
+
+
+# cases are:
+# 1: /etc/letsencrypt does not exist
+# 2: /etc/letsencrypt exists
+# 2.1: /etc/letsencrypt.staging does not exist
+# 2.1.1: /etc/letsencrypt.from-pki differs from /etc/letsencrypt
+# 2.1.2: /etc/letsencrypt.from-pki is the same as /etc/letsencrypt
+# 2.2: /etc/letsencrypt.staging exists
+# 2.2.1: /etc/letsencrypt.from-pki differs from /etc/letsencrypt.staging
+# 2.2.2: /etc/letsencrypt.from-pki is the same as /etc/letsencrypt.staging
+
+
+LE_DIRECTORY=/etc/letsencrypt
+LE_FP_DIRECTORY=${LE_DIRECTORY}.from-pki
+LE_OLD_DIRECTORY=${LE_DIRECTORY}.old
+LE_STAGING_DIRECTORY=${LE_DIRECTORY}.staging
+
+
+rm --force --recursive $LE_FP_DIRECTORY
+echo "getting letsencrypt directory from pki"
+/usr/bin/rsync \
+ --archive \
+ --delete-after \
+ --info=STATS \
+ pki.in.useribm.hu::letsencrypt \
+ $LE_FP_DIRECTORY
+if [ $? -ne 0 ]
+then
+ echo "cannot get letsencrypt directory from pki"
+ rm --force --recursive $LE_FP_DIRECTORY
+ exit 1
+fi
+
+if [ -d $LE_DIRECTORY ]
+then
+ # case 2
+ echo "$LE_DIRECTORY exists"
+ if [ -d $LE_STAGING_DIRECTORY ]
+ then
+ # case 2.2
+ echo " $LE_STAGING_DIRECTORY exists"
+ diff --brief --recursive $LE_FP_DIRECTORY $LE_STAGING_DIRECTORY
+ DIFFERS=$?
+ if [ $DIFFERS -eq 0 ]
+ then
+ # case 2.2.2
+ echo " $LE_FP_DIRECTORY the same as $LE_STAGING_DIRECTORY"
+ echo " moving $LE_STAGING_DIRECTORY to $LE_DIRECTORY"
+ rm --force --recursive $LE_FP_DIRECTORY
+ rm --force --recursive $LE_OLD_DIRECTORY
+ mv $LE_DIRECTORY $LE_OLD_DIRECTORY
+ mv $LE_STAGING_DIRECTORY $LE_DIRECTORY
+ echo " restarting dovecot and postfix services"
+ systemctl restart dovecot.service
+ systemctl restart postfix.service
+ else
+ # case 2.2.1
+ echo " $LE_FP_DIRECTORY differs from $LE_STAGING_DIRECTORY"
+ echo " moving $LE_FP_DIRECTORY to $LE_STAGING_DIRECTORY"
+ rm --force --recursive $LE_STAGING_DIRECTORY
+ mv $LE_FP_DIRECTORY $LE_STAGING_DIRECTORY
+ fi
+ else
+ # case 2.1
+ echo " $LE_STAGING_DIRECTORY does not exist"
+ diff --brief --recursive $LE_FP_DIRECTORY $LE_DIRECTORY
+ DIFFERS=$?
+ if [ $DIFFERS -eq 0 ]
+ then
+ # case 2.1.2
+ echo " $LE_FP_DIRECTORY is the same as $LE_DIRECTORY"
+ echo " removing $LE_FP_DIRECTORY"
+ rm --force --recursive $LE_FP_DIRECTORY
+ else
+ # case 2.1.1
+ echo " $LE_FP_DIRECTORY differs from $LE_DIRECTORY"
+ echo " moving $LE_FP_DIRECTORY to $LE_STAGING_DIRECTORY"
+ mv $LE_FP_DIRECTORY $LE_STAGING_DIRECTORY
+ fi
+ fi
+else
+ # case 1
+ echo "$LE_DIRECTORY does not exist"
+ echo "moving $LE_FP_DIRECTORY to $LE_DIRECTORY"
+ mv $LE_FP_DIRECTORY $LE_DIRECTORY
+fi
diff --git a/sources/mx.pm/c3d/postinstall/scripts/01_editfiles.sh b/sources/mx.pm/c3d/postinstall/scripts/01_editfiles.sh
new file mode 100755
index 0000000..a39551a
--- /dev/null
+++ b/sources/mx.pm/c3d/postinstall/scripts/01_editfiles.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+
+sed --in-place=.orig \
+ '/^After=.*network\.target.*$/a After=network-online.target\nWants=network-online.target' \
+ /usr/lib/systemd/system/postfix.service
+
+sed --in-place=.orig \
+ '/^After=.*network\.target.*$/a After=network-online.target\nWants=network-online.target' \
+ /usr/lib/systemd/system/spamassassin.service
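Review bot: The rsync call in getletsencrypt.sh pulls the letsencrypt tree, which presumably includes the private keys, from `pki.in.useribm.hu::letsencrypt` over the plain rsync daemon protocol, so the transfer is not encrypted and the server is not authenticated. I would fetch it over SSH instead, e.g. `--rsh="ssh -o BatchMode=yes"` with a `pki.in.useribm.hu:<export-path>/` source (placeholder path) and a pinned host key, or at minimum require a daemon-side secret and restrict the module by client address. In case 2.2.2 the two `mv` calls are also unchecked, so a failed swap still restarts dovecot and postfix; `mv ... || exit 1` on both would stop that. A `diff` exit status of 2 (an error) is currently treated the same as "differs".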
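Review bot: Both `sed --in-place` calls in 01_editfiles.sh edit the packaged units under /usr/lib/systemd/system, which a postfix or spamassassin package update will overwrite, silently removing the network-online ordering. A drop-in such as `/etc/systemd/system/postfix.service.d/network-online.conf` containing `[Unit]`, `After=network-online.target` and `Wants=network-online.target` survives updates and needs no pattern match. 10_setupservices.sh in this commit disables NetworkManager-wait-online.service, and without a wait-online service network-online.target may be reached before the addresses are configured, so it is worth confirming that something later re-enables it.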
diff --git a/sources/mx.pm/c3d/postinstall/scripts/10_setupservices.sh b/sources/mx.pm/c3d/postinstall/scripts/10_setupservices.sh
new file mode 100755
index 0000000..334c224
--- /dev/null
+++ b/sources/mx.pm/c3d/postinstall/scripts/10_setupservices.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+
+systemctl disable crond.service
+systemctl disable dovecot.service
+systemctl disable opendkim.service
+systemctl disable opendmarc.service
+systemctl disable postfix.service
+systemctl disable spamassassin.service
+systemctl disable NetworkManager-wait-online.service
+
+systemctl disable logrotate.timer
diff --git a/sources/mx.pm/config b/sources/mx.pm/config
new file mode 100644
index 0000000..a4eac82
--- /dev/null
+++ b/sources/mx.pm/config
@@ -0,0 +1,27 @@
+lxc.include = /usr/share/lxc/config/common.conf
+
+lxc.arch = x86_64
+lxc.uts.name = mx.pm.useribm.hu
+lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.mount.auto = proc sys
+lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__/vmail var/vmail none bind,create=dir 0 0
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.link = brch-dev
+lxc.net.0.hwaddr = 02:0c:18:03:ad:9a
+
+lxc.autodev = 1
+
+lxc.cgroup2.devices.allow = a
+lxc.cgroup2.memory.high = 3G
+lxc.cgroup2.memory.max = 4G
+
+lxc.idmap = u 0 100000 100000
+lxc.idmap = g 0 100000 100000
+
+lxc.signal.halt = SIGRTMIN+4
+
+lxc.start.auto = 1
+lxc.start.order = __CONTAINER_START_ORDER__
+lxc.start.delay = 5
diff --git a/sources/mx.pm/envvars b/sources/mx.pm/envvars
new file mode 100644
index 0000000..e0a6ee7
--- /dev/null
+++ b/sources/mx.pm/envvars
@@ -0,0 +1,17 @@
+DISTRIBUTION=Fedora
+DISTRIBUTION_VERSION=41
+SPEC_PACKAGES="cronie \
+ cyrus-sasl \
+ cyrus-sasl-md5 \
+ cyrus-sasl-plain \
+ cyrus-sasl-scram \
+ dovecot \
+ mailx \
+ opendkim \
+ opendkim-tools \
+ opendmarc \
+ postfix \
+ pypolicyd-spf \
+ python3-authres \
+ rsync \
+ spamassassin"
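Review bot: `lxc.cgroup2.devices.allow = a` in sources/mx.pm/config lifts the device cgroup restriction for the whole container; assuming the included common.conf sets up the usual deny-all plus allowlist, this line overrides it. A mail server container should not need device access beyond those defaults, so I would drop the line, or replace it with the specific `c MAJOR:MINOR rwm` entries that are really required and a comment saying why. The `lxc.idmap` lines make the container unprivileged, which limits the impact, but the allowlist is a cheap second layer worth keeping.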