From 5ea67d0edadd90978c564f0d7e51c061db7b8abf Mon Sep 17 00:00:00 2001
From: =?utf8?q?Zolt=C3=A1n=20Felleg?=
Date: Wed, 13 Feb 2019 17:01:35 +0100
Subject: [PATCH] Updated ws.pm.f29 and efg.pm.f29 (enabled web-based e-mails).
---
 .../firstboot/11_iptables_set_efg_rules.sh | 70 ++-----------------
 .../ws.pm.f29/firstboot/11_setuppostfix.sh | 7 ++
 2 files changed, 13 insertions(+), 64 deletions(-)
 create mode 100755 sources/ws.pm.f29/firstboot/11_setuppostfix.sh
diff --git a/sources/efg.pm.f29/firstboot/11_iptables_set_efg_rules.sh b/sources/efg.pm.f29/firstboot/11_iptables_set_efg_rules.sh
index 503a897..69a80d8 100755
--- a/sources/efg.pm.f29/firstboot/11_iptables_set_efg_rules.sh
+++ b/sources/efg.pm.f29/firstboot/11_iptables_set_efg_rules.sh
@@ -160,35 +160,6 @@ $IPTABLES --table filter --append FORWARD \
 --destination $VPN_INTERNAL_IP \
 --destination-port 1194 \
 --jump ACCEPT
-# forward smtp and dns requests
-# from the internet
-# to the perimeter svc host
-#$IPTABLES --table filter --append FORWARD \
-# --match comment \
-# --comment "smtp, dns -> perimeter service host" \
-# --protocol tcp \
-# --in-interface $EXTERNAL_IF_STATIC \
-# --out-interface $PERIMETER_IF \
-# --destination $SVC_PERIMETER_IP \
-# --match multiport \
-# --destination-ports 25,53 \
-# --jump ACCEPT
-# forward smtp and dns replies
-# of established sessions
-# from the perimeter svc host
-# to the internet
-#$IPTABLES --table filter --append FORWARD \
-# --match comment \
-# --comment "perimeter service host smtp, dns replies" \
-# --protocol tcp \
-# --match conntrack \
-# --ctstate ESTABLISHED \
-# --in-interface $PERIMETER_IF \
-# --source $SVC_PERIMETER_IP \
-# --match multiport \
-# --source-ports 25,53 \
-# --out-interface $EXTERNAL_IF_STATIC \
-# --jump ACCEPT
 # forward http and https requests
 # from the internet
 # to the perimeter web server host
@@ -218,35 +189,6 @@ $IPTABLES --table filter --append FORWARD \
 --source-ports 80,443 \
 --out-interface $EXTERNAL_IF_STATIC \
 --jump ACCEPT
-## forward http and https requests
-## from the internet
-## to the perimeter whmcs host
-#$IPTABLES --table filter --append FORWARD \
-# --match comment \
-# --comment "http, https -> perimeter whmcs host" \
-# --protocol tcp \
-# --in-interface $EXTERNAL_IF_194 \
-# --out-interface $PERIMETER_IF \
-# --destination $WHMCS_PERIMETER_IP \
-# --match multiport \
-# --destination-ports 80,443 \
-# --jump ACCEPT
-## forward http and https replies
-## of established sessions
-## from the perimeter whmcs host
-## to the internet
-#$IPTABLES --table filter --append FORWARD \
-# --match comment \
-# --comment "perimeter whmcs host http, https replies" \
-# --protocol tcp \
-# --match conntrack \
-# --ctstate ESTABLISHED \
-# --in-interface $PERIMETER_IF \
-# --source $WHMCS_PERIMETER_IP \
-# --match multiport \
-# --source-ports 80,443 \
-# --out-interface $EXTERNAL_IF_194 \
-# --jump ACCEPT
 # forward dns requests and notifications
 # from the internet
 # to the external name server host
@@ -386,32 +328,32 @@ $IPTABLES --table filter --append FORWARD \
 --out-interface $PERIMETER_IF \
 --destination $SVC_PERIMETER_IP \
 --jump ACCEPT
-# forward http and https requests
+# forward smtp, http and https requests
 # from the perimeter web server host
 # to the internet
 $IPTABLES --table filter --append FORWARD \
 --match comment \
- --comment "perimeter ws host http, https requests (let's encrypt)" \
+ --comment "perimeter ws host smtp, http, https requests (let's encrypt)" \
 --protocol tcp \
 --in-interface $PERIMETER_IF \
 --source $WS_PERIMETER_IP \
 --out-interface $EXTERNAL_IF_STATIC \
 --match multiport \
- --destination-ports 80,443 \
+ --destination-ports 25,80,443 \
 --jump ACCEPT
-# forward http and https replies
+# forward smtp, http and https replies
 # of established sessions
 # from the internet
 # to the perimeter web server host
 $IPTABLES --table filter --append FORWARD \
 --match comment \
- --comment "perimeter ws host http, https replies (let's encrypt)" \
+ --comment "perimeter ws host smtp, http, https replies (let's encrypt)" \
 --protocol tcp \
 --match conntrack \
 --ctstate ESTABLISHED \
 --in-interface $EXTERNAL_IF_STATIC \
 --match multiport \
- --source-ports 80,443 \
+ --source-ports 25,80,443 \
 --out-interface $PERIMETER_IF \
 --destination $WS_PERIMETER_IP \
 --jump ACCEPT
diff --git a/sources/ws.pm.f29/firstboot/11_setuppostfix.sh b/sources/ws.pm.f29/firstboot/11_setuppostfix.sh
new file mode 100755
index 0000000..e78e979
--- /dev/null
+++ b/sources/ws.pm.f29/firstboot/11_setuppostfix.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+
+#echo "relayhost = mx.usr.user.hu" >>/etc/postfix/main.cf
+
+systemctl enable postfix.service
+systemctl start postfix.service
-- 
2.54.0
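Review bot: Adding 25 to `--destination-ports` lets the perimeter web server open SMTP sessions to any internet host, because the request rule carries no `--destination` restriction; a compromised web application on that machine could then deliver mail directly to arbitrary servers. The new firstboot script in this patch has a commented-out relayhost line, which suggests a relay exists, so I would give SMTP its own rule limited to that relay and leave the existing rule at `80,443`. The reply rule further down needs the same split, with `--source` set to the relay for port 25 and `--source-ports` back at `80,443` for web traffic. Folding smtp into these rules also leaves the `(let's encrypt)` rule comments describing traffic they no longer cover alone. `MAIL_RELAY_IP` below is a placeholder name, not a variable defined in the visible part of the script.

```shell
# forward smtp requests
# from the perimeter web server host
# to the mail relay only
# (MAIL_RELAY_IP is a placeholder; define it alongside the other host variables)
$IPTABLES --table filter --append FORWARD \
    --match comment \
    --comment "perimeter ws host smtp -> mail relay" \
    --protocol tcp \
    --in-interface $PERIMETER_IF \
    --source $WS_PERIMETER_IP \
    --out-interface $EXTERNAL_IF_STATIC \
    --destination $MAIL_RELAY_IP \
    --destination-port 25 \
    --jump ACCEPT
# … unchanged: http, https request rule, kept at --destination-ports 80,443 …
```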
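Review bot: The new script starts Postfix with whatever main.cf the package ships, so whether the web server's MTA listens only on loopback depends on distribution defaults that this file never pins. I would set it explicitly before the two systemctl lines with `postconf -e 'inet_interfaces = loopback-only'`, and add `set -eu` after the shebang so a failed `systemctl enable` is not silently ignored during firstboot. If the commented relayhost line is revived, `postconf -e` is preferable to `>>` on main.cf, since a second run of the script would otherwise append a duplicate setting.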