package install

import "fmt"

const (
	postconf = "postconf"
)

func setPostfixVirtualMysql() error {
	if e := postfixSetConfig("virtual_alias_maps", "mysql:/etc/postfix/mysql/virtual_alias_maps.cf"); e != nil {
		return e
	}
	if e := postfixSetConfig("virtual_mailbox_domains", "mysql:/etc/postfix/mysql/virtual_domains_maps.cf"); e != nil {
		return e
	}
	if e := postfixSetConfig("virtual_mailbox_maps", "mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf"); e != nil {
		return e
	}
	return nil
}

func setPostfixConfigAll(hostname string) error {
	postfixSetConfig("compatibility_level", "2")
	postfixSetConfig("queue_directory", "/var/spool/postfix")
	postfixSetConfig("command_directory", "/usr/sbin")
	postfixSetConfig("daemon_directory", "/usr/libexec/postfix")
	postfixSetConfig("data_directory", "/var/lib/postfix")
	postfixSetConfig("mail_owner", "postfix")
	postfixSetConfig("myhostname", hostname)
	postfixSetConfig("mydomain", "")
	postfixSetConfig("myorigin", "$myhostname")
	postfixSetConfig("inet_interfaces", "all")
	postfixSetConfig("unknown_local_recipient_reject_code", "550")
	postfixSetConfig("mynetworks_style", "host")
	postfixSetConfig("alias_maps", "hash:/etc/aliases")
	postfixSetConfig("smtpd_banner", "$myhostname ESMTP $mail_name")
	postfixSetConfig("debug_peer_level", "2")
	postfixSetConfig("debugger_command", "PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5")
	postfixSetConfig("sendmail_path", "/usr/sbin/sendmail")
	postfixSetConfig("newaliases_path", "/usr/bin/newaliases")
	postfixSetConfig("mailq_path", "/usr/bin/mailq")
	postfixSetConfig("setgid_group", "postdrop")
	postfixSetConfig("html_directory", "no")
	postfixSetConfig("manpage_directory", "/usr/share/man")
	postfixSetConfig("readme_directory", "no")
	postfixSetConfig("inet_protocols", "ipv4,ipv6")
	postfixSetConfig("meta_directory", "/etc/postfix")
	postfixSetConfig("shlib_directory", "/usr/lib64/postfix/${mail_version}")
	postfixSetConfig("smtp_tls_session_cache_database", "btree:/var/lib/postfix/smtp_scache")
	postfixSetConfig("smtp_tls_security_level", "may")
	postfixSetConfig("tls_random_source", "dev:/dev/urandom")
	postfixSetConfig("smtp_tls_loglevel", "1")
	postfixSetConfig("smtpd_tls_loglevel", "1")
	postfixSetConfig("smtpd_tls_cert_file", fmt.Sprintf("/etc/letsencrypt/live/%s/fullchain.pem", hostname))
	postfixSetConfig("smtpd_tls_received_header", "yes")
	postfixSetConfig("smtpd_tls_security_level", "may")
	postfixSetConfig("smtpd_tls_key_file", fmt.Sprintf("/etc/letsencrypt/live/%s/privkey.pem", hostname))
	postfixSetConfig("append_dot_mydomain", "no")
	postfixSetConfig("biff", "no")
	postfixSetConfig("delay_warning_time", "4h")
	postfixSetConfig("smtpd_use_tls", "yes")
	postfixSetConfig("smtpd_tls_session_cache_database", "btree:/var/lib/postfix/smtpd_scache")
	postfixSetConfig("smtp_tls_session_cache_database", "btree:/var/lib/postfix/smtp_scache")
	postfixSetConfig("smtpd_tls_loglevel", "1")
	postfixSetConfig("smtpd_tls_auth_only", "yes")
	postfixSetConfig("mailbox_size_limit", "0")
	postfixSetConfig("recipient_delimiter", "+")
	postfixSetConfig("notify_classes", "resource, software")
	postfixSetConfig("error_notice_recipient", "info@icod.de")
	// postfixSetConfig("")
	return nil
}

func postfixSetConfig(key, value string) error {
	return runCmd(postconf, "-e", fmt.Sprintf("%s = %s", key, value))
}

/*

virtual_alias_maps = mysql:/etc/postfix/mysql/virtual_alias_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /srv/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql/virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 2000
virtual_uid_maps = static:2000
#dovecot_destination_recipient_limit = 1
virtual_transport = lmtp:unix:private/dovecot-lmtp

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
message_size_limit = 40000000
home_mailbox = Maildir/
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname

smtp_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1
smtp_tls_mandatory_protocols  = !SSLv2,!SSLv3,!TLSv1
smtpd_tls_protocols           = !SSLv2,!SSLv3,!TLSv1
smtp_tls_protocols            = !SSLv2,!SSLv3,!TLSv1
smtpd_tls_mandatory_ciphers = medium
tls_random_source = dev:/dev/urandom
smtpd_recipient_restrictions =
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_non_fqdn_sender,
        reject_unauth_pipelining,
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client bl.spamcop.net,

smtpd_helo_required = yes

smtpd_sender_restrictions =
        reject_unknown_sender_domain,
        check_sender_access pcre:/etc/postfix/access

smtpd_data_restrictions =
        reject_unauth_pipelining

smtpd_client_restrictions = permit_sasl_authenticated
#,reject_rbl_client localhost
#        check_client_access hash:/etc/postfix/client_access,

smtpd_milters     = inet:localhost:8891 inet:localhost:11332
non_smtpd_milters = inet:localhost:8891
milter_default_action = accept
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA
smtpd_tls_dh512_param_file = /etc/postfix/dhparams.pem
smtpd_tls_dh1024_param_file = /etc/postfix/dhparams.pem
*/