From 18342bcb663d0ffa0675b34e9b34ade5e4b1d557 Mon Sep 17 00:00:00 2001
From: missytake <missytake@systemli.org>
Date: Thu, 12 Mar 2026 17:40:30 +0100
Subject: [PATCH] postfix: make delivery for IP-only relays work

---
 chatmaild/src/chatmaild/config.py        | 11 +++++++++++
 cmdeploy/src/cmdeploy/postfix/main.cf.j2 | 16 ++++++++--------
 2 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/chatmaild/src/chatmaild/config.py b/chatmaild/src/chatmaild/config.py
index aad44694..c467e3f2 100644
--- a/chatmaild/src/chatmaild/config.py
+++ b/chatmaild/src/chatmaild/config.py
@@ -21,6 +21,11 @@ class Config:
     def __init__(self, inipath, params):
         self._inipath = inipath
         self.mail_domain = params["mail_domain"]
+        self.mail_domain_hostname = format_arpa_address(params["mail_domain"])
+        if is_valid_ipv4(params["mail_domain"]):
+            self.mail_domain_deliverable = f"[{params['mail_domain']}]"
+        else:
+            self.mail_domain_deliverable = params["mail_domain"]
         self.max_user_send_per_minute = int(params.get("max_user_send_per_minute", 60))
         self.max_user_send_burst_size = int(params.get("max_user_send_burst_size", 10))
         self.max_mailbox_size = params["max_mailbox_size"]
@@ -185,3 +190,9 @@ def is_valid_ipv4(address: str) -> bool:
         return True
     except ValueError:
         return False
+
+
+def format_arpa_address(address: str) -> str:
+    if is_valid_ipv4(address):
+        return ipaddress.IPv4Address(address).reverse_pointer
+    return address
diff --git a/cmdeploy/src/cmdeploy/postfix/main.cf.j2 b/cmdeploy/src/cmdeploy/postfix/main.cf.j2
index 856996bb..77cbf131 100644
--- a/cmdeploy/src/cmdeploy/postfix/main.cf.j2
+++ b/cmdeploy/src/cmdeploy/postfix/main.cf.j2
@@ -1,4 +1,4 @@
-myorigin = {{ config.mail_domain }}
+myorigin = {{ config.mail_domain_deliverable }}
 
 smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
 biff = no
@@ -54,14 +54,16 @@ smtpd_tls_exclude_ciphers = aNULL, RC4, MD5, DES
 tls_preempt_cipherlist = yes
 
 smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
-myhostname = {{ config.mail_domain }}
+myhostname = {{ config.mail_domain_hostname }}
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
 
-# Postfix does not deliver mail for any domain by itself.
-# Primary domain is listed in `virtual_mailbox_domains` instead
-# and handed over to Dovecot.
-mydestination =
+# When postfix receives mail for $mydestination,
+# it hands it over to dovecot via $local_transport.
+mydestination = {{ config.mail_domain_deliverable }}
+local_transport = lmtp:unix:private/dovecot-lmtp
+# postfix doesn't check whether local users exist or not:
+local_recipient_maps =
 
 relayhost = 
 {% if disable_ipv6 %}
@@ -79,8 +81,6 @@ inet_protocols = ipv4
 inet_protocols = all
 {% endif %}
 
-virtual_transport = lmtp:unix:private/dovecot-lmtp
-virtual_mailbox_domains = {{ config.mail_domain }}
 lmtp_header_checks = regexp:/etc/postfix/lmtp_header_cleanup
 
 mua_client_restrictions = permit_sasl_authenticated, reject