From 563a44ff2890d45f1ab04f75cf7f61f45ef2111c Mon Sep 17 00:00:00 2001 From: Fabio Erculiani Date: Sat, 16 Oct 2010 23:52:11 +0200 Subject: [PATCH] [remaster/mcs] some more MCS stuff --- remaster/mcs/mcs-functions.sh | 34 +- remaster/mcs/mmt_scripts/config.sh | 22 + remaster/mcs/mmt_scripts/deliver.sh | 65 ++ remaster/mcs/mmt_scripts/emailpush.pl | 56 ++ remaster/mcs/mmt_scripts/schedulebe.py | 379 +++++++++ remaster/mcs/mwsql.sql | 3 + .../postfix/ldapconf/ldap_internal_forward.cf | 7 + .../ldapconf/ldap_internal_mx_reject.cf | 8 + .../postfix/ldapconf/ldap_internaldomains.cf | 6 + .../postfix/ldapconf/ldap_internalmailbox.cf | 7 + .../mcs/postfix/ldapconf/ldap_policygroup.cf | 8 + .../postfix/ldapconf/ldap_sender_mismatch.cf | 8 + remaster/mcs/postfix/main.cf | 732 ++++++++++++++++++ remaster/mcs/postfix/master.cf | 111 +++ ...aster_generic_inner_chroot_script_after.sh | 5 + .../remaster_mcs_inner_chroot_script_after.sh | 56 +- 16 files changed, 1493 insertions(+), 14 deletions(-) create mode 100755 remaster/mcs/mmt_scripts/config.sh create mode 100755 remaster/mcs/mmt_scripts/deliver.sh create mode 100755 remaster/mcs/mmt_scripts/emailpush.pl create mode 100755 remaster/mcs/mmt_scripts/schedulebe.py create mode 100644 remaster/mcs/postfix/ldapconf/ldap_internal_forward.cf create mode 100644 remaster/mcs/postfix/ldapconf/ldap_internal_mx_reject.cf create mode 100644 remaster/mcs/postfix/ldapconf/ldap_internaldomains.cf create mode 100644 remaster/mcs/postfix/ldapconf/ldap_internalmailbox.cf create mode 100644 remaster/mcs/postfix/ldapconf/ldap_policygroup.cf create mode 100644 remaster/mcs/postfix/ldapconf/ldap_sender_mismatch.cf create mode 100644 remaster/mcs/postfix/main.cf create mode 100644 remaster/mcs/postfix/master.cf diff --git a/remaster/mcs/mcs-functions.sh b/remaster/mcs/mcs-functions.sh index f5eccbd..540ef96 100755 --- a/remaster/mcs/mcs-functions.sh +++ b/remaster/mcs/mcs-functions.sh 
@@ -1,6 +1,15 @@ #!/bin/bash -setup_fds() { +_is_live() { + cdroot=$(cat /proc/cmdline | grep cdroot) + if [ -n "${cdroot}" ]; then + return 0 + else + return 1 + fi +} + +_setup_fds_live() { # setup 389-ds tmp_config_file="$(mktemp)" echo "[General] @@ -27,7 +36,26 @@ ServerAdminPwd=mcsmanager # FIXME: calling the script directly, from init, won't work, WTF! su - -c "/usr/sbin/setup-ds-admin.pl -f ${tmp_config_file} --silent" || return 1 echo "389 Directory Server configured." - /etc/init.d/389-ds stop --nodeps &> /dev/null - /etc/init.d/389-admin stop --nodeps &> /dev/null return 0 } + +FDS_SETUP_FILE="/etc/.389-sabayon-configured" + +_setup_fds_installed() { + if [ -e "${FDS_SETUP_FILE}" ]; then + return + fi + # First, setup 389 + _setup_fds_live + # then make it autostart at the next boot + rc-update add 389-ds default + rc-update add 389-admin default + # do the whole thing once + touch "${FDS_SETUP_FILE}" +} + + +setup_fds() { + # setup 389 + ( _is_live && _setup_fds_live ) || _setup_fds_installed +} diff --git a/remaster/mcs/mmt_scripts/config.sh b/remaster/mcs/mmt_scripts/config.sh new file mode 100755 index 0000000..75ad61b --- /dev/null +++ b/remaster/mcs/mmt_scripts/config.sh @@ -0,0 +1,22 @@ +#!/bin/bash + +EMAILPUSH_HOSTNAME="mmt-l-fl13-prv.mymessagingtop.it,mmt-l-fl14-prv.mymessagingtop.it" +EMAILPUSH_PORTNO="4242" +EMAILPUSH_PREFIX="PREFIX" + +INSPECT_DIR="/var/spool/filter" +DELIVER="/usr/libexec/dovecot/deliver" +#DELIVER="/opt/dovecot-1.2.8/libexec/dovecot/deliver" +EMAILPUSH="/usr/local/mmt_scripts/emailpush.pl" +SCHEDULEBE="/usr/local/mmt_scripts/schedulebe.py" +LOGGER_FACILITY="mail" +LOGGER_PRIORITY="info" +LOGGER_PROGRAM_NAME="deliver.sh" + +# Exit codes from +EX_TEMPFAIL=75 +EX_UNAVAILABLE=69 + +SCHEDULEBE_URL="http://localhost:8080/pubcaldav/rtsvc" +SCHEDULEBE_USERNAME="caladmin" +SCHEDULEBE_PASSWORD="caladmin" diff --git a/remaster/mcs/mmt_scripts/deliver.sh b/remaster/mcs/mmt_scripts/deliver.sh new file mode 100755 index 0000000..820e926 
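Review bot: `_is_live` decides whether the 389-ds setup gets persisted with a bare substring match, `cdroot=$(cat /proc/cmdline | grep cdroot)`, so any kernel parameter that merely contains that text (a hypothetical `nocdroot=…`, for instance) is taken as a live boot; `grep -qw cdroot /proc/cmdline` matches the whole word and also drops the `cat` pipe and the `cdroot` variable, which nothing reads. The `if [ -n … ]; then return 0; else return 1; fi` wrapper can then collapse to the test itself: `_is_live() { grep -qw cdroot /proc/cmdline; }`. `_setup_fds_live` begins in this hunk but its body continues past it.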
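Review bot: `setup_fds` falls through to the installed path whenever the live path fails: with `( _is_live && _setup_fds_live ) || _setup_fds_installed`, a live boot on which `_setup_fds_live` returns 1 goes on to run `_setup_fds_installed`, which re-runs the setup, adds 389-ds/389-admin to the default runlevel and touches `/etc/.389-sabayon-configured` on the live medium. Make the branch explicit: `if _is_live; then _setup_fds_live; else _setup_fds_installed; fi`. `_setup_fds_installed` has the same shape of problem on its own: `_setup_fds_live` can return 1 (the `|| return 1` after `setup-ds-admin.pl`), yet the two `rc-update add` calls and the marker `touch` run regardless, so a failed configuration is never retried and an unconfigured directory server is still autostarted; `_setup_fds_live || return 1` before the rc-update lines fixes that. The first lines of this hunk are the tail of `_setup_fds_live`, whose head is in the previous hunk.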
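Review bot: `SCHEDULEBE_PASSWORD="caladmin"` (with `SCHEDULEBE_USERNAME`) is a hard-coded credential in a file that the deployment hunk in scripts/remaster_mcs_inner_chroot_script_after.sh installs with `chmod 755 /usr/local/mmt_scripts/* -R`, i.e. world-readable on every built system. config.sh is only `source`d by deliver.sh, which master.cf runs as `user=mail:mail`, so `chown root:mail` plus `chmod 640` on config.sh in that deployment step would be enough while the executable scripts keep 755. In deliver.sh the only `$SCHEDULEBE` invocation that is not commented out passes just `-U $SCHEDULEBE_URL`, so the username/password variables appear to be unused at the moment — either drop them or add a comment saying which consumer needs them. The comment `# Exit codes from` is cut off; it presumably means `sysexits.h`, where `EX_TEMPFAIL` is 75 and `EX_UNAVAILABLE` is 69.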
--- /dev/null +++ b/remaster/mcs/mmt_scripts/deliver.sh 
@@ -0,0 +1,65 @@ +#!/bin/sh + +# Simple shell-based filter. It is meant to be invoked as follows: +# /path/to/script -f sender recipients... + +#INSPECT_DIR="/var/spool/filter" +#DELIVER="/usr/libexec/dovecot/deliver" +#EMAILPUSH="/usr/local/mmt_scripts/emailpush.pl" +#SCHEDULEBE="/usr/local/mmt_scripts/schedulebe.py" +#LOGGER_FACILITY="mail" +#LOGGER_PRIORITY="info" +#LOGGER_PROGRAM_NAME="deliver.sh" + +# Exit codes from +#EX_TEMPFAIL=75 +#EX_UNAVAILABLE=69 + +source /usr/local/mmt_scripts/config.sh +if [ $? -ne 0 ]; then exit 75; fi + +COMMAND=$(which echo); if [ $? -ne 0 ] || [ ! -x $COMMAND ]; then echo "echo command doesn't exist"; exit $EX_TEMPFAIL;fi +COMMAND=$(which cut); if [ $? -ne 0 ] || [ ! -x $COMMAND ]; then echo "cut command doesn't exist"; exit $EX_TEMPFAIL;fi +COMMAND=$(which cat); if [ $? -ne 0 ] || [ ! -x $COMMAND ]; then echo "cat command doesn't exist"; exit $EX_TEMPFAIL;fi +COMMAND=$(which egrep); if [ $? -ne 0 ] || [ ! -x $COMMAND ]; then echo "egrep command doesn't exist"; exit $EX_TEMPFAIL;fi +COMMAND=$(which grep); if [ $? -ne 0 ] || [ ! -x $COMMAND ]; then echo "grep command doesn't exist"; exit $EX_TEMPFAIL;fi +COMMAND=$(which logger); if [ $? -ne 0 ] || [ ! -x $COMMAND ]; then echo "logger command doesn't exist"; exit $EX_TEMPFAIL;fi + +# Clean up when done or when aborting. +trap "rm -f in.$$" 0 1 2 3 15 + +# Start processing. +cd $INSPECT_DIR || { + echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; } + +cat >in.$$ || { + echo Cannot save mail to file $UID; exit $EX_TEMPFAIL; } + +LINE=$(egrep -m 1 "by.+with.+[0-9A-Fa-f]+$" in.$$) +HEX=$(echo $LINE | egrep -o " id [0-9A-Fa-f]+$" | cut -d " " -f 3) +if [ -z $HEX ]; then + LINE=$(egrep -m 1 "id [0-9A-Fa-f]+;.+" in.$$) + HEX=$(echo $LINE | egrep -o "id [0-9A-Fa-f]+" | cut -d " " -f 2) +fi + +grep -P "^X-MW-Scheduler:\scalendar.myplace.edu$" in.$$ +if [ $? 
-ne 0 ]; then + #SCHEDULEBE_OUT=$(cat in.$$ | $SCHEDULEBE -U $SCHEDULEBE_URL -u $SCHEDULEBE_USERNAME -p $SCHEDULEBE_PASSWORD) + SCHEDULEBE_OUT=$(cat in.$$ | $SCHEDULEBE -U $SCHEDULEBE_URL) + logger -t $LOGGER_PROGRAM_NAME -p $LOGGER_FACILITY.$LOGGER_PRIORITY "mail-id $HEX - schedulebe.py: $SCHEDULEBE_OUT" +fi + +#EMAILPUSH_OUT=$($EMAILPUSH "$@" -h $EMAILPUSH_HOSTNAME -p $EMAILPUSH_PORTNO -P $EMAILPUSH_PREFIX) +#logger -t $LOGGER_PROGRAM_NAME -p $LOGGER_FACILITY.$LOGGER_PRIORITY "mail-id $HEX - emailpush.sh: $EMAILPUSH_OUT" + +DELIVER_OUT=$($DELIVER "$@" .*',re.IGNORECASE).sub(r'\1', mailaddress) + s = re.compile('mailto:',re.IGNORECASE).sub(r'', s) + return str(s.lower()) + +def getRecipientsFromMail(mail): + """get the TO Header from the email""" + recipients = ["one@example.com","two@exmaple.com"] + recipient = mail['To'] + return recipients + +def sendRequestToBedework(meeting): + """send a POST request to RTSVC url, setting """ + """ Header: originator: me@gmail.com """ + """ Header: recipient: one@example.com """ + """ Header: recipient: two@example.com """ + """ Header: Content-type: text/calendar """ + """ .ics as POST body """ + if not meeting.validate(): + return False + + rtsvcHeader = [ 'Content-Type:text/calendar; charset=UTF-8' ] + rtsvcHeader.append('originator: ' + meeting.sender) + + if conf_mail_enabled: + rcptList = [] + + if meeting.getMethod() == "REQUEST": + rcptList = set(meeting.getAttendees()).intersection(meeting.recipient) + elif meeting.getMethod() == "REPLY": + rcptList.append(meeting.getOrganizer()) + rcptList = set(rcptList).intersection(meeting.recipient) + + for a in rcptList: + rtsvcHeader.append('recipient: ' + a) + + c = pycurl.Curl() + + if _debug: + print "DEBUG:" + meeting.ics.serialize() + # c.setopt(c.VERBOSE, 1) + for a in rtsvcHeader: print "DEBUG:" + a + + output = StringIO.StringIO() + + c.setopt(c.HTTPHEADER, rtsvcHeader) + c.setopt(c.POSTFIELDS, meeting.ics.serialize()) + c.setopt(c.URL, rtsvcUrl) + c.setopt(c.HEADER, 
1) + c.setopt(c.POST, 1) + c.setopt(pycurl.WRITEFUNCTION, output.write) + + res = c.perform() + if _debug: + # print output + print """DEBUG request %d """ % c.getinfo(pycurl.HTTP_CODE) + + + #response = output.read() + response = output.getvalue() + if _debug: + print "DEBUG: response: [%s]" % response + + parseResponse(response) + + return True + +def parseRecipientResponse(response): + """return True if the scheduling request to the recipient is successful + + + attendee@mysite.edu + + 2.0;Success + + """ + if response.localName != 'response': + return False + + for walk in response.childNodes: + if walk.localName == 'recipient': + attendees = walk.getElementsByTagName('href') + attendee = attendees[0].childNodes[0].data + + elif walk.localName == 'request-status': + if _debug: + print "REPORT: attendee: %s\t\tstatus: %s" % (attendee, walk.childNodes[0].data) + + v = {'2.0;Success' : True, + '1.0;Deferred' : True, + 'default' : False + } + + return v.get(walk.childNodes[0].data, 'default') + + + # false by default + return False + +def parseResponse(response): + """Parse the xml response of the RTSVC server + The response is like: + HttpHeaders + ... + + + + + attendee@mysite.edu + + 2.0;Success + + + """ + ret = False + + # strip http headers + try: + response = response[response.index('<'):] + except ValueError: + print "DEBUG: Can't find < in response" + return False + + #support multiple xml documents in response + for singleResponse in response.split('\nFirstname.Lastname mapping. + +# ADDRESS REDIRECTION (VIRTUAL DOMAIN) +# +# The VIRTUAL_README document gives information about the many forms +# of domain hosting that Postfix supports. + +# "USER HAS MOVED" BOUNCE MESSAGES +# +# See the discussion in the ADDRESS_REWRITING_README document. + +# TRANSPORT MAP +# +# See the discussion in the ADDRESS_REWRITING_README document. + +# ALIAS DATABASE +# +# The alias_maps parameter specifies the list of alias databases used +# by the local delivery agent. 
The default list is system dependent. +# +# On systems with NIS, the default is to search the local alias +# database, then the NIS alias database. See aliases(5) for syntax +# details. +# +# If you change the alias database, run "postalias /etc/aliases" (or +# wherever your system stores the mail alias file), or simply run +# "newaliases" to build the necessary DBM or DB file. +# +# It will take a minute or so before changes become visible. Use +# "postfix reload" to eliminate the delay. +# +#alias_maps = dbm:/etc/aliases +#alias_maps = hash:/etc/aliases +#alias_maps = hash:/etc/aliases, nis:mail.aliases +#alias_maps = netinfo:/aliases + +# The alias_database parameter specifies the alias database(s) that +# are built with "newaliases" or "sendmail -bi". This is a separate +# configuration parameter, because alias_maps (see above) may specify +# tables that are not necessarily all under control by Postfix. +# +#alias_database = dbm:/etc/aliases +#alias_database = dbm:/etc/mail/aliases +#alias_database = hash:/etc/aliases +#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases + +# ADDRESS EXTENSIONS (e.g., user+foo) +# +# The recipient_delimiter parameter specifies the separator between +# user names and address extensions (user+foo). See canonical(5), +# local(8), relocated(5) and virtual(5) for the effects this has on +# aliases, canonical, virtual, relocated and .forward file lookups. +# Basically, the software tries user+foo and .forward+foo before +# trying user and .forward. +# +#recipient_delimiter = + + +# DELIVERY TO MAILBOX +# +# The home_mailbox parameter specifies the optional pathname of a +# mailbox file relative to a user's home directory. The default +# mailbox file is /var/spool/mail/user or /var/mail/user. Specify +# "Maildir/" for qmail-style delivery (the / is required). +# +#home_mailbox = Mailbox +#home_mailbox = Maildir/ + +# The mail_spool_directory parameter specifies the directory where +# UNIX-style mailboxes are kept. 
The default setting depends on the +# system type. +# +#mail_spool_directory = /var/mail +#mail_spool_directory = /var/spool/mail + +# The mailbox_command parameter specifies the optional external +# command to use instead of mailbox delivery. The command is run as +# the recipient with proper HOME, SHELL and LOGNAME environment settings. +# Exception: delivery for root is done as $default_user. +# +# Other environment variables of interest: USER (recipient username), +# EXTENSION (address extension), DOMAIN (domain part of address), +# and LOCAL (the address localpart). +# +# Unlike other Postfix configuration parameters, the mailbox_command +# parameter is not subjected to $parameter substitutions. This is to +# make it easier to specify shell syntax (see example below). +# +# Avoid shell meta characters because they will force Postfix to run +# an expensive shell process. Procmail alone is expensive enough. +# +# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN +# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER. +# +#mailbox_command = /some/where/procmail +#mailbox_command = /some/where/procmail -a "$EXTENSION" + +# The mailbox_transport specifies the optional transport in master.cf +# to use after processing aliases and .forward files. This parameter +# has precedence over the mailbox_command, fallback_transport and +# luser_relay parameters. +# +# Specify a string of the form transport:nexthop, where transport is +# the name of a mail delivery transport defined in master.cf. The +# :nexthop part is optional. For more details see the sample transport +# configuration file. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must update the "local_recipient_maps" setting in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". 
+# +#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp + +# If using the cyrus-imapd IMAP server deliver local mail to the IMAP +# server using LMTP (Local Mail Transport Protocol), this is prefered +# over the older cyrus deliver program by setting the +# mailbox_transport as below: +# +# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp +# +# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via +# these settings. +# +# local_destination_recipient_limit = 300 +# local_destination_concurrency_limit = 5 +# +# Of course you should adjust these settings as appropriate for the +# capacity of the hardware you are using. The recipient limit setting +# can be used to take advantage of the single instance message store +# capability of Cyrus. The concurrency limit can be used to control +# how many simultaneous LMTP sessions will be permitted to the Cyrus +# message store. +# +# To use the old cyrus deliver program you have to set: +#mailbox_transport = cyrus + +# The fallback_transport specifies the optional transport in master.cf +# to use for recipients that are not found in the UNIX passwd database. +# This parameter has precedence over the luser_relay parameter. +# +# Specify a string of the form transport:nexthop, where transport is +# the name of a mail delivery transport defined in master.cf. The +# :nexthop part is optional. For more details see the sample transport +# configuration file. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must update the "local_recipient_maps" setting in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp +#fallback_transport = + +# The luser_relay parameter specifies an optional destination address +# for unknown recipients. 
By default, mail for unknown@$mydestination, +# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned +# as undeliverable. +# +# The following expansions are done on luser_relay: $user (recipient +# username), $shell (recipient shell), $home (recipient home directory), +# $recipient (full recipient address), $extension (recipient address +# extension), $domain (recipient domain), $local (entire recipient +# localpart), $recipient_delimiter. Specify ${name?value} or +# ${name:value} to expand value only when $name does (does not) exist. +# +# luser_relay works only for the default Postfix local delivery agent. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must specify "local_recipient_maps =" (i.e. empty) in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +#luser_relay = $user@other.host +#luser_relay = $local@other.host +#luser_relay = admin+$local + +# JUNK MAIL CONTROLS +# +# The controls listed here are only a very small subset. The file +# SMTPD_ACCESS_README provides an overview. + +# The header_checks parameter specifies an optional table with patterns +# that each logical message header is matched against, including +# headers that span multiple physical lines. +# +# By default, these patterns also apply to MIME headers and to the +# headers of attached messages. With older Postfix versions, MIME and +# attached message headers were treated as body text. +# +# For details, see "man header_checks". +# +#header_checks = regexp:/etc/postfix/header_checks + +# FAST ETRN SERVICE +# +# Postfix maintains per-destination logfiles with information about +# deferred mail, so that mail can be flushed quickly with the SMTP +# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld". +# See the ETRN_README document for a detailed description. 
+# +# The fast_flush_domains parameter controls what destinations are +# eligible for this service. By default, they are all domains that +# this server is willing to relay mail to. +# +#fast_flush_domains = $relay_domains + +# SHOW SOFTWARE VERSION OR NOT +# +# The smtpd_banner parameter specifies the text that follows the 220 +# code in the SMTP server's greeting banner. Some people like to see +# the mail version advertised. By default, Postfix shows no version. +# +# You MUST specify $myhostname at the start of the text. That is an +# RFC requirement. Postfix itself does not care. +# +#smtpd_banner = $myhostname ESMTP $mail_name +#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) + +# PARALLEL DELIVERY TO THE SAME DESTINATION +# +# How many parallel deliveries to the same user or domain? With local +# delivery, it does not make sense to do massively parallel delivery +# to the same user, because mailbox updates must happen sequentially, +# and expensive pipelines in .forward files can cause disasters when +# too many are run at the same time. With SMTP deliveries, 10 +# simultaneous connections to the same domain could be sufficient to +# raise eyebrows. +# +# Each message delivery transport has its XXX_destination_concurrency_limit +# parameter. The default is $default_destination_concurrency_limit for +# most delivery transports. For the local delivery agent the default is 2. + +#local_destination_concurrency_limit = 2 +#default_destination_concurrency_limit = 20 + +# DEBUGGING CONTROL +# +# The debug_peer_level parameter specifies the increment in verbose +# logging level when an SMTP client or server host name or address +# matches a pattern in the debug_peer_list parameter. +# +debug_peer_level = 2 + +# The debug_peer_list parameter specifies an optional list of domain +# or network patterns, /file/name patterns or type:name tables. 
When +# an SMTP client or server host name or address matches a pattern, +# increase the verbose logging level by the amount specified in the +# debug_peer_level parameter. +# +#debug_peer_list = 127.0.0.1 +#debug_peer_list = some.domain + +# The debugger_command specifies the external command that is executed +# when a Postfix daemon program is run with the -D option. +# +# Use "command .. & sleep 5" so that the debugger can attach before +# the process marches on. If you use an X-based debugger, be sure to +# set up your XAUTHORITY environment variable before starting Postfix. +# +debugger_command = + PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin + ddd $daemon_directory/$process_name $process_id & sleep 5 + +# If you can't use X, use this to capture the call stack when a +# daemon crashes. The result is in a file in the configuration +# directory, and is named after the process name and the process ID. +# +# debugger_command = +# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; +# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1 +# >$config_directory/$process_name.$process_id.log & sleep 5 +# +# Another possibility is to run gdb under a detached screen session. +# To attach to the screen sesssion, su root and run "screen -r +# " where uniquely matches one of the detached +# sessions (from "screen -list"). +# +# debugger_command = +# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen +# -dmS $process_name gdb $daemon_directory/$process_name +# $process_id & sleep 1 + +# INSTALL-TIME CONFIGURATION INFORMATION +# +# The following parameters are used when installing a new Postfix version. +# +# sendmail_path: The full pathname of the Postfix sendmail command. +# This is the Sendmail-compatible mail posting interface. +# +sendmail_path = /usr/sbin/sendmail + +# newaliases_path: The full pathname of the Postfix newaliases command. +# This is the Sendmail-compatible command to build alias databases. 
+# +newaliases_path = /usr/bin/newaliases + +# mailq_path: The full pathname of the Postfix mailq command. This +# is the Sendmail-compatible mail queue listing command. +# +mailq_path = /usr/bin/mailq + +# setgid_group: The group for mail submission and queue management +# commands. This must be a group name with a numerical group ID that +# is not shared with other accounts, not even with the Postfix account. +# +setgid_group = postdrop + +# html_directory: The location of the Postfix HTML documentation. +# +html_directory = /usr/share/doc/postfix-2.6.7/html + +# manpage_directory: The location of the Postfix on-line manual pages. +# +manpage_directory = /usr/share/man + +# sample_directory: The location of the Postfix sample configuration files. +# This parameter is obsolete as of Postfix 2.1. +# +sample_directory = /etc/postfix + +# readme_directory: The location of the Postfix README files. +# +readme_directory = /usr/share/doc/postfix-2.6.7/readme + +# mailware +virtual_mailbox_domains = ldap:/etc/postfix/ldapconf/ldap_internaldomains.cf +virtual_mailbox_base = / +virtual_mailbox_maps = ldap:/etc/postfix/ldapconf/ldap_internalmailbox.cf +virtual_alias_maps = ldap:/etc/postfix/ldapconf/ldap_internal_forward.cf ldap:/etc/postfix/ldapconf/ldap_internalmailbox.cf +virtual_alias_expansion_limit = 25000 +virtual_minimum_uid = 2 +virtual_uid_maps = static:8 +virtual_gid_maps = static:12 +transport_maps = hash:/etc/postfix/transport +##################################################################DECOMMENTARE PER ABILITARE DOVECOT +virtual_transport = dovecot +dovecot_destination_recipient_limit = 1 +#virtual_transport = maildrop +#maildrop_destination_recipient_limit = 1 + + +listcf_destination_recipient_limit = 1 + +smtpd_restriction_classes = sasl_interface, policy_0 +# policy_1, policy_2, policy_3, policy_lists + +# LAN +policy_0 = check_policy_service unix:private/lanpolicy + + +# QXN: destinatario in whitelist +#policy_1 = check_recipient_access 
ldap:/etc/postfix/ldapconf/ldap_policy_1.cf, check_recipient_access ldap:/etc/postfix/ldapconf/ldap_internal_reject_policy_1.cf, check_policy_service unix:private/qxnlistpolicy, reject +#policy_1 = check_recipient_access ldap:/etc/postfix/ldapconf/ldap_policy_1.cf, check_recipient_access ldap:/etc/postfix/ldapconf/ldap_internal_reject_policy_1.cf, check_recipient_access hash:/etc/postfix/qxnlist, reject + +# WWW destinatario in PD +#policy_2 = check_recipient_access ldap:/etc/postfix/ldapconf/ldap_policy_2.cf, check_recipient_access ldap:/etc/postfix/ldapconf/ldap_internal_reject_policy_2.cf, check_policy_service unix:private/internetpolicy, reject + +# WWW+QNX +#policy_3 = check_recipient_access ldap:/etc/postfix/ldapconf/ldap_policy_3.cf, check_recipient_access ldap:/etc/postfix/ldapconf/ldap_internal_reject_policy_3.cf, permit + +sasl_interface = reject_unknown_sender_domain, reject_authenticated_sender_login_mismatch, reject_unauthenticated_sender_login_mismatch + +# policy_lists = check_policy_service unix:private/listpolicy + +smtpd_sender_restrictions = sasl_interface, permit_sasl_authenticated, reject +smtpd_recipient_restrictions = check_recipient_access ldap:/etc/postfix/ldapconf/ldap_policygroup.cf, check_sender_access ldap:/etc/postfix/policy_domains.cf, reject_unauth_destination + +policy_time_limit = 3600 + +# Nega l'invio da domini gestiti sugli mx record +# check_mx_access=check_sender_access ldap:/etc/postfix/ldapconf/ldap_internal_mx_reject.cf, permit + +# controlla il MAIL FROM con le credenziali di autenticazione sasl +smtpd_sender_login_maps = ldap:/etc/postfix/ldapconf/ldap_sender_mismatch.cf + +# antirelay mx internet +# check_internet_access=check_recipient_access ldap:/etc/postfix/ldapconf/ldap_policygroup.cf, check_recipient_access ldap:/etc/postfix/ldapconf/ldap_internal_internet_mailboxes.cf, check_recipient_access ldap:/etc/postfix/ldapconf/ldap_internal_internet_aliases.cf + +####Far loggare il Subject su maillog +#header_checks = 
pcre:/etc/postfix/header_checks + +mynetworks = 127.0.0.1, 10.0.11.50, 10.0.8.4, 10.0.8.0/22, 10.0.10.10, 10.0.0.62, 10.0.0.0/24 +#always_bcc = gnarwl + +# always_bcc = schedulebe + +sms_destination_recipient_limit = 1 diff --git a/remaster/mcs/postfix/master.cf b/remaster/mcs/postfix/master.cf new file mode 100644 index 0000000..a89e73c --- /dev/null +++ b/remaster/mcs/postfix/master.cf 
@@ -0,0 +1,111 @@ +# +# Postfix master process configuration file. For details on the format +# of the file, see the master(5) manual page (command: "man 5 master"). +# +# ========================================================================== +# service type private unpriv chroot wakeup maxproc command + args +# (yes) (yes) (yes) (never) (100) +# ========================================================================== +smtp inet n - n - - smtpd +# -o receive_override_options=no_address_mappings + -o smtpd_sender_restrictions=permit_mynetworks,$check_mx_access + -o smtpd_recipient_restrictions=permit_mynetworks,$check_internet_access,reject_unauth_destination,reject +submission inet n - n - - smtpd + -o smtpd_sasl_auth_enable=yes + -o smtpd_sender_restrictions=permit_mynetworks,$check_mx_access + -o smtpd_recipient_restrictions=permit_mynetworks,$check_internet_access,reject_unauth_destination,reject +smtps inet n - n - - smtpd + -o smtpd_tls_wrappermode=yes + -o smtpd_sasl_auth_enable=yes + -o smtpd_sender_restrictions=permit_mynetworks,$check_mx_access + -o smtpd_recipient_restrictions=permit_mynetworks,$check_internet_access,reject_unauth_destination,reject + -o smtpd_tls_key_file=/etc/ssl/dovecot/server.key + -o smtpd_tls_cert_file=/etc/ssl/dovecot/server.cert + -o smtpd_tls_CAfile=/etc/ssl/dovecot/server.pem +#628 inet n - n - - qmqpd +pickup fifo n - n 60 1 pickup +cleanup unix n - n - 0 cleanup +qmgr fifo n - n 300 1 qmgr +#qmgr fifo n - n 300 1 oqmgr +tlsmgr unix - - n 1000? 1 tlsmgr +rewrite unix - - n - - trivial-rewrite +bounce unix - - n - 0 bounce +defer unix - - n - 0 bounce +trace unix - - n - 0 bounce +verify unix - - n - 1 verify +flush unix n - n 1000? 
0 flush +proxymap unix - - n - - proxymap +smtp unix - - n - - smtp +# When relaying mail as backup MX, disable fallback_relay to avoid MX loops +relay unix - - n - - smtp + -o fallback_relay= +# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 +showq unix n - n - - showq +error unix - - n - - error +discard unix - - n - - discard +local unix - n n - - local +virtual unix - n n - - virtual +lmtp unix - - n - - lmtp +anvil unix - - n - 1 anvil +scache unix - - n - 1 scache +# +# ==================================================================== +# Interfaces to non-Postfix software. Be sure to examine the manual +# pages of the non-Postfix software to find out what options it wants. +# +# Many of the following services use the Postfix pipe(8) delivery +# agent. See the pipe(8) man page for information about ${recipient} +# and other message envelope options. +# ==================================================================== +# +# maildrop. See the Postfix MAILDROP_README file for details. +# Also specify in main.cf: maildrop_destination_recipient_limit=1 +# +#maildrop unix - n n - - pipe +# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} +# +# The Cyrus deliver program has changed incompatibly, multiple times. +# +old-cyrus unix - n n - - pipe + flags=R user=cyrus argv=/usr/lib/cyrus/deliver -e -m ${extension} ${user} +# Cyrus 2.1.5 (Amos Gouaux) +# Also specify in main.cf: cyrus_destination_recipient_limit=1 +cyrus unix - n n - - pipe + user=cyrus argv=/usr/lib/cyrus/deliver -e -r ${sender} -m ${extension} ${user} +# +# See the Postfix UUCP_README file for configuration details. +# +uucp unix - n n - - pipe + flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) +# +# Other external delivery methods. +# +ifmail unix - n n - - pipe + flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) +bsmtp unix - n n - - pipe + flags=Fq. 
user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient +maildrop unix - n n - - pipe + flags=ODRhu user=mail argv=/usr/bin/maildrop -d ${recipient} +cos-cf unix - n n - 10 pipe + flags=Rq user=mail argv=/etc/postfix/filter.pl -f ${sender} ${recipient} + +dovecot unix - n n - - pipe + flags=ODRhu user=mail:mail argv=/usr/local/mmt_scripts/deliver.sh -f ${sender} -d ${recipient} + +#dovecot unix - n n - - pipe +# flags=ODRhu user=mail:mail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient} + +#Deliver del sieve +#dovecot unix - n n - - pipe +# flags=ODRhu user=mail:mail argv=/opt/dovecot-1.2.8/libexec/dovecot/deliver -f ${sender} -d ${recipient} + + + +#always_bcc=gnarwl +gnarwl unix - n n - - pipe + flags=F user=gnarwl argv=/usr/bin/gnarwl -s ${sender} -a ${recipient} +schedulbe unix - n n - - pipe + flags=F user=schedulbe argv=/root/python/ScheduleBe/schedulebe.py -v +sms unix - n n - - smtp +retry unix - - n - - error +proxywrite unix - - n - 1 proxymap diff --git a/scripts/remaster_generic_inner_chroot_script_after.sh b/scripts/remaster_generic_inner_chroot_script_after.sh index 3cb19b4..45dead5 100755 --- a/scripts/remaster_generic_inner_chroot_script_after.sh +++ b/scripts/remaster_generic_inner_chroot_script_after.sh @@ -204,6 +204,11 @@ touch /var/log/clamav/freshclam.log chown clamav:clamav /var/log/clamav -R chown clamav:clamav /var/lib/clamav -R +# Fixup mysqld permissions, ebuild bug? +if [ -d "/var/run/mysqld" ]; then + chown mysql:mysql /var/run/mysqld -R +fi + # Setup SAMBA config file if [ -f /etc/samba/smb.conf.default ]; then cp -p /etc/samba/smb.conf.default /etc/samba/smb.conf diff --git a/scripts/remaster_mcs_inner_chroot_script_after.sh b/scripts/remaster_mcs_inner_chroot_script_after.sh index e3443c0..a85a199 100755 --- a/scripts/remaster_mcs_inner_chroot_script_after.sh +++ b/scripts/remaster_mcs_inner_chroot_script_after.sh 
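Review bot: The `submission` service sets `smtpd_sasl_auth_enable=yes` without requiring TLS, so clients on port 587 can send SASL credentials in clear text; unlike `smtps` (wrapper mode) it carries no `smtpd_tls_*` overrides at all. Add `-o smtpd_tls_security_level=encrypt` to the submission entry, reusing the key/cert/CAfile overrides the smtps entry already has. Its restriction lists, `permit_mynetworks,$check_internet_access,reject_unauth_destination,reject`, also never include `permit_sasl_authenticated`, so an authenticated user outside `mynetworks` is still rejected. `$check_mx_access` and `$check_internet_access` exist only as commented-out lines in this commit's main.cf, and with them empty the `smtp` service's recipient chain reduces to `permit_mynetworks, reject_unauth_destination, reject`, which refuses inbound mail for the hosted domains from every outside host. The `schedulbe` pipe runs `/root/python/ScheduleBe/schedulebe.py` as user `schedulbe`, a path under /root that user presumably cannot read, while config.sh in the same commit points at `/usr/local/mmt_scripts/schedulebe.py`.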
@@ -1,5 +1,8 @@ #!/bin/sh +# merge config updates first +echo -5 | equo conf update + # setup Desktop icons rm /etc/skel/Desktop/*.desktop cp /usr/share/applications/keyboard.desktop /etc/skel/Desktop/ -p @@ -15,33 +18,36 @@ chmod 755 /etc/init.d/oemsystem-default chown root:root /etc/init.d/oemsystem-default rc-update add oemsystem-default default -# temp jboss-bin fixes -useradd jboss -chown jboss:jboss /opt/jboss-bin-4.2 -R - # setup fqdn sed -i 's/sabayon/localhost.localdomain sabayon/g' /etc/hosts # setup MySQL +# Fixup mysqld permissions, ebuild bug? +chown mysql:mysql /var/run/mysqld -R + mysql_ebuild="$(find /var/db/pkg/dev-db -name "mysql*.ebuild" | sort | head -n 1)" if [ -z "${mysql_ebuild}" ]; then echo "cannot find any mysql ebuild" exit 1 fi echo "password=mcsmanager" > /root/.my.cnf || exit 1 -mount -t tmpfs none /var/run/mysqld ebuild "${mysql_ebuild}" config if [ "${?}" != "0" ]; then - umount /var/run/mysqld exit 1 fi rm /root/.my.cnf -f -umount /var/run/mysqld # setup password sed -i '/^#password/ s/your_password/mcsmanager/g' /etc/mysql/my.cnf || exit 1 sed -i '/^#password/ s/#//g' /etc/mysql/my.cnf || exit 1 -# FIXME: enable mysql InnoDB? +# start and insert data +echo "Setting up mysql" +/etc/init.d/mysql start --nodeps || exit 1 +mysql -u root --password=mcsmanager -h localhost < /.mcs/mwsql.sql +mysql -u root --password=mcsmanager -h localhost < /.mcs/bedework.sql +# TODO setup user permissions? +# TODO do not ask password +/etc/init.d/mysql stop --nodeps # setup 389-console data mkdir /etc/skel/.389-console 
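Review bot: The two new import lines `mysql -u root --password=mcsmanager -h localhost < /.mcs/mwsql.sql` and the matching `… < /.mcs/bedework.sql` are the only steps in this block without `|| exit 1`, so a failed schema load produces an image whose database is empty but whose build reports success; they also pass the password on argv, where `ps` shows it for the duration of the import. At minimum append a failure check that still stops the daemon, e.g. `mysql -u root --password=mcsmanager -h localhost < /.mcs/mwsql.sql || { /etc/init.d/mysql stop --nodeps; exit 1; }`, and if the `/root/.my.cnf` the script already writes for `ebuild … config` is usable by the client (it has no `[client]` group header, so confirm), move the `rm /root/.my.cnf -f` below the imports and drop `--password=` from both calls. The unconditional `chown mysql:mysql /var/run/mysqld -R` added here differs from the `[ -d "/var/run/mysqld" ]` guard the same commit adds to scripts/remaster_generic_inner_chroot_script_after.sh; use the guard here too so a missing directory does not print an error mid-build.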
@@ -49,21 +55,49 @@ echo "UserID=admin HostURL=http\://localhost\:9830 " > /etc/skel/.389-console/Console.1.1.5.Login.preferences +# Setup Postfix +echo "Setting up Postfix" +cp /.mcs/postfix/main.cf /etc/postfix/main.cf || exit 1 +cp /.mcs/postfix/master.cf /etc/postfix/master.cf || exit 1 +cp /.mcs/postfix/ldapconf /etc/postfix/ldapconf -Rp || exit 1 +chown root:root /etc/postfix/{main,master}.cf || exit 1 +chmod 644 /etc/postfix/{main,master}.cf || exit 1 +chmod 755 /etc/postfix/ldapconf || exit 1 +chmod 644 /etc/postfix/ldapconf/*.cf || exit 1 +chown root:root /etc/postfix/ldapconf -R || exit 1 +# mmt_scripts +cp /.mcs/mmt_scripts /usr/local/ -Rp || exit 1 +chown root:root /usr/local/mmt_scripts -R || exit 1 +chmod 755 /usr/local/mmt_scripts/* -R || exit 1 + +# Build ejabberd +#tar xvzf /.mcs/ejabberd-patched.tar.bz2 -C /tmp || exit 1 +#cd /tmp/ejabberd-2.1.0_rc1 || exit 1 + +# Setup .war stuff +cp /.mcs/no_repo/jboss-deploy/* /opt/jboss-bin-4.2/server/default/deploy/ -Rap +chown jboss:jboss /opt/jboss-bin-4.2/server/default/deploy/ -R + # add services to init -rc-update add 389-ds default -rc-update add 389-admin default +# autostarted by the mcs setup script +## rc-update add 389-ds default +## rc-update add 389-admin default rc-update add 389-ds-snmp default rc-update add jboss-bin-4.2 default rc-update add mysql default +rc-update add dovecot default +rc-update add postfix default # remove unused services from init rc-update del sabayon-mce default rc-update del sabayon-mce boot rc-update del music default +# remove temp .mcs dir +rm /.mcs -rf + # Sabayon stuff -echo -5 | equo conf update mount -t proc proc /proc /lib/rc/bin/rc-depend -u