From 9bbaeb67d3d3701374a05a51aa8d06619f843b51 Mon Sep 17 00:00:00 2001
From: CroneKorkN
Date: Sat, 12 Jul 2025 13:53:46 +0200
Subject: [PATCH] mailman poc email sent
---
 bundles/mailman/README.md | 31 +++++++++++++++++++++++++++++
 bundles/mailman/files/mailman.cfg | 6 ------
 bundles/mailman/files/postfix.cf | 3 ++-
 bundles/mailman/metadata.py | 33 +++++++++++++++++++++++++++++++
 bundles/systemd-timers/items.py | 4 ++--
 nodes/mseibert.mailman.py | 18 ++++++++++-------
 6 files changed, 79 insertions(+), 16 deletions(-)
 create mode 100644 bundles/mailman/README.md
diff --git a/bundles/mailman/README.md b/bundles/mailman/README.md
new file mode 100644
index 0000000..1751725
--- /dev/null
+++ b/bundles/mailman/README.md
@@ -0,0 +1,31 @@
+
+`echo export REST_API_PASS=$(bw metadata mseibert.mailman -k mailman/api_password | jq -r .mailman.api_password)`
+```sh
+curl -s -o /dev/null \
+ -w "Status: %{http_code}\nTime: %{time_total}s\n" \
+ -u restadmin:$REST_API_PASS \
+ -H "Content-Type: application/json" \
+ -X POST http://localhost:8001/3.1/queues/in \
+ -d '{
+ "list_id": "testlist-2.mailman.ckn.li",
+ "text": "From: i@ckn.li\nTo: testlist-2@mailman.ckn.li\nSubject: Curl-Driven Test $(date)\n\nHello everyone — this is a test sent via curl! $(date)"
+ }'
+```
+
+`tail -f /var/log/mailman3/*.log`
+
+```log
+==> /var/log/mailman3/mailman.log <==
+[12/Jul/2025:10:31:10 +0000] "POST /3.1/queues/in HTTP/1.1" 201 0 "-" "curl/7.88.1"
+Jul 12 10:31:10 2025 (2895919) ACCEPT: <175231627036.2895954.10009667988468073605@mseibert.mailman>
+
+==> /var/log/mailman3/smtp.log <==
+Jul 12 10:31:12 2025 (2895922) <175231627036.2895954.10009667988468073605@mseibert.mailman> smtp to testlist-2@mailman.ckn.li for 1 recips, completed in 0.059294939041137695 seconds
+Jul 12 10:31:12 2025 (2895922) <175231627036.2895954.10009667988468073605@mseibert.mailman> post to testlist-2@mailman.ckn.li from i@ckn.li, 333 bytes
+Jul 12 10:31:12 2025 (2895922) <175231627160.2895923.10669516773822847070@mseibert.mailman> smtp to testlist-2@mailman.ckn.li for 1 recips, completed in 0.0047571659088134766 seconds
+Jul 12 10:31:12 2025 (2895922) <175231627160.2895923.10669516773822847070@mseibert.mailman> post to testlist-2@mailman.ckn.li from testlist-2-bounces@mailman.ckn.li, 736 bytes
+```
+
+`journalctl -f | grep postfix/`
+
+`mailq | head -20`
\ No newline at end of file
diff --git a/bundles/mailman/files/mailman.cfg b/bundles/mailman/files/mailman.cfg
index 9141e5d..e190640 100644
--- a/bundles/mailman/files/mailman.cfg
+++ b/bundles/mailman/files/mailman.cfg
@@ -250,12 +250,6 @@ outgoing: mailman.mta.deliver.deliver
 # How to connect to the outgoing MTA. If smtp_user and smtp_pass is given,
 # then Mailman will attempt to log into the MTA when making a new connection.
-# smtp_host: smtp.ionos.de
-# smtp_port: 587
-# smtp_user: ${smtp_user}
-# smtp_pass: ${smtp_password}
-# smtp_secure_mode: starttls
-
 smtp_host: 127.0.0.1
 smtp_port: 25
 smtp_user:
diff --git a/bundles/mailman/files/postfix.cf b/bundles/mailman/files/postfix.cf
index 1521d9f..1c2b2ff 100644
--- a/bundles/mailman/files/postfix.cf
+++ b/bundles/mailman/files/postfix.cf
@@ -39,7 +39,8 @@ mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
 mailbox_size_limit = 0
 recipient_delimiter = +
 inet_interfaces = all
-inet_protocols = all
+#inet_protocols = all
+inet_protocols = ipv4
 unknown_local_recipient_reject_code = 550
 owner_request_special = no
diff --git a/bundles/mailman/metadata.py b/bundles/mailman/metadata.py
index dda398a..cf05559 100644
--- a/bundles/mailman/metadata.py
+++ b/bundles/mailman/metadata.py
@@ -114,3 +114,36 @@ def secrets(metadata):
 'archiver_key': derive_mailadmin_secret(metadata, 'archiver_key'),
 },
 }
+
+
+@metadata_reactor.provides(
+ 'dns',
+)
+def dns(metadata):
+ report_email = metadata.get('mailman/dmarc_report_email')
+
+ return {
+ 'dns': {
+ metadata.get('mailman/hostname'): {
+ 'MX': [f"5 {metadata.get('mailman/hostname')}."],
+ 'TXT': [
+ 'v=spf1 a mx -all',
+ '; '.join(f'{k}={v}' for k, v in {
+ # dmarc version
+ 'v': 'DMARC1',
+ # reject on failure
+ 'p': 'reject',
+ # standard reports
+ 'rua': f'mailto:{report_email}',
+ # forensic reports
+ 'fo': 1,
+ 'ruf': f'mailto:{report_email}',
+ # require alignment between the DKIM domain and the parent Header From domain
+ 'adkim': 's',
+ # require alignment between the SPF domain (the sender) and the Header From domain
+ 'aspf': 's',
+ }.items())
+ ],
+ },
+ },
+ }
diff --git a/bundles/systemd-timers/items.py b/bundles/systemd-timers/items.py
index f53c496..7f87f0c 100644
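Review bot: The old value is kept as a commented-out line (`#inet_protocols = all`) above `inet_protocols = ipv4`, which records what changed but not why IPv6 was switched off. Replace it with a why-comment such as `# IPv4 only: <REASON - placeholder>`, so a later reader does not re-enable IPv6 without also checking what the host's SPF record (`a mx`) and reverse DNS cover. `inet_interfaces = all` in the context lines is unchanged, so the SMTP listener still answers on every IPv4 address of the host. Relaying appears limited to loopback by the `mynetworks` line shown in the hunk header, which is worth confirming against the full file now that Mailman submits unauthenticated to 127.0.0.1:25.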
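Review bot: The DMARC policy string in `dns()` is appended to the same `TXT` list as the SPF record, under the `metadata.get('mailman/hostname')` key, but receivers look a DMARC policy up at `_dmarc.<domain>`, not at the domain itself. Assuming the dns bundle uses each dict key as the record's owner name (not visible in this hunk), the `p=reject` policy would never be found and the domain would have no effective DMARC protection. Give it its own entry, e.g. `f"_dmarc.{hostname}": {'TXT': [dmarc_record]},`, and keep only `'v=spf1 a mx -all'` on the host name. The `rua`/`ruf` addresses come from `mailman/dmarc_report_email`, which the node file in this commit sets to an address in a different domain, so that domain also has to publish the external-report authorization TXT record or many receivers will not send reports. With `adkim: 's'` and no DKIM signing visible in this patch, only strict SPF alignment can pass, which deserves a comment next to those two keys.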
--- a/bundles/systemd-timers/items.py
+++ b/bundles/systemd-timers/items.py
@@ -1,6 +1,6 @@
 svc_systemd['cron'] = {
- 'enabled': False,
- 'running': False,
+ 'enabled': node.metadata.get('systemd_timers/cron/enabled', False),
+ 'running': node.metadata.get('systemd_timers/cron/enabled', False),
 }
 files['/usr/lib/nagios/plugins/check_systemd_timer'] = {
diff --git a/nodes/mseibert.mailman.py b/nodes/mseibert.mailman.py
index de15fcd..0ae2676 100644
--- a/nodes/mseibert.mailman.py
+++ b/nodes/mseibert.mailman.py
@@ -35,14 +35,18 @@
 'mailman': {
 'hostname': 'mailman.ckn.li',
 'site_owner_email': '!decrypt:encrypt$gAAAAABoWEeTyypfKw9l9jnNgF4GlS0-6O2NWCB0f3Fj1XnQ_HMjHXymAL8FWTyQjRmz3r8KnGJ-sogfnhW6lub_pnuk-wqB5Zuy9tgGsfi3RvkyNaOUeTE=',
- 'smtp_host': 'smtp.ionos.de',
- 'smtp_port': 465,
- 'smtp_user': '!decrypt:encrypt$gAAAAABoWEcZlLxiTKluyg3gZ-un2fYkuviW9BD9tTW8mfKBL5d41Z1X7LtI5CDnhhLXTGFpPnY1thr17h22oW3Ybz_WPgvbJVepnVwmeQwvMpg2psATKAY=',
- 'smtp_password': '!decrypt:encrypt$gAAAAABoWDusH3XY4ONh8MnmfBbyHW477ipjSycb3TiDGXxO5eujum80zXjNrOblswCGRTHsW9UasM_dXeeGBsa7KcK4s6AK_eynXCWeLCtXfrUSE_oEd7c='
+ 'dmarc_report_email': 'dmarc@sublimity.de',
+
+ # 'smtp_host': 'smtp.ionos.de',
+ # 'smtp_port': 465,
+ # 'smtp_user': '!decrypt:encrypt$gAAAAABoWEcZlLxiTKluyg3gZ-un2fYkuviW9BD9tTW8mfKBL5d41Z1X7LtI5CDnhhLXTGFpPnY1thr17h22oW3Ybz_WPgvbJVepnVwmeQwvMpg2psATKAY=',
+ # 'smtp_password': '!decrypt:encrypt$gAAAAABoWDusH3XY4ONh8MnmfBbyHW477ipjSycb3TiDGXxO5eujum80zXjNrOblswCGRTHsW9UasM_dXeeGBsa7KcK4s6AK_eynXCWeLCtXfrUSE_oEd7c='
+ },
+ 'systemd_timers': {
+ 'cron': {
+ 'enabled': True,
+ },
 },
- 'overwrite_nameservers': [
- '8.8.8.8',
- ],
 'vm': {
 'cores': 2,
 'ram': 4096,
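Review bot: Both `'enabled'` and `'running'` in `svc_systemd['cron']` repeat the same lookup of `systemd_timers/cron/enabled` with the same literal default, so the two can drift apart if only one line is edited later. Bind it once, `cron_enabled = node.metadata.get('systemd_timers/cron/enabled', False)`, and use that for both keys, with a short comment that the running state follows the enabled flag on purpose. The `False` default exists only in these calls; declaring it in the bundle's metadata defaults (not visible in this hunk) would document the new option alongside the bundle's other keys.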
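Review bot: The external relay settings are commented out rather than removed, so the `!decrypt:` ciphertexts for `smtp_user` and `smtp_password` stay in the node file as dead configuration. If the relay account is no longer used, delete these four lines and revoke or rotate the credential at the provider; the values remain in repository history either way, so removing them from the working tree alone does not retire them. The same hunk drops `overwrite_nameservers` without any mention in the commit subject, so a line in the message saying which resolvers the node should use now would help a later reader. The enclosing metadata dict starts and ends outside the hunk.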