#!/bin/bash
# Healthcare HOT-stream Postfix setup (dual-stream design).
#
# Goal: inject the healthcare campaign on a path that egresses ONLY from the
# dedicated hc sending IPs (.107/.108/.109 with hc HELO identity), completely
# separate from the trucking rotation pool (.94-.96), in a SINGLE Postfix
# instance.
#
# Why this shape: source-IP round-robin inside one Postfix instance normally
# comes from `transport_maps = randmap:{...}`, but that is owned by the shared
# trivial-rewrite(8) daemon and is GLOBAL -- a per-smtpd `-o transport_maps`
# does not override it, and a `FILTER randmap:{...}` action is parsed as a
# literal transport (verified: "connect to transport private/randmap: not
# found"). FILTER only accepts a real transport:nexthop.
#
# So we pin ONE hc IP per submission port and let listmonk-hc round-robin across
# the three ports (Listmonk natively round-robins its configured SMTP servers):
#
#   listmonk-hc SMTP server 1 -> :2526 --content_filter--> hcout1 (.107, hcmta01)
#   listmonk-hc SMTP server 2 -> :2527 --content_filter--> hcout2 (.108, hcmta02)
#   listmonk-hc SMTP server 3 -> :2528 --content_filter--> hcout3 (.109, hcmta03)
#
# `content_filter=hcoutN:` (empty nexthop) re-injects via the hc transport but
# keeps the ORIGINAL recipient domain, so it delivers to the real recipient MX
# from the bound hc IP. content_filter overrides the global transport_maps, so
# hc mail never touches the trucking pool. The trucking smtp:25 path is left
# completely untouched.
#
# Verified end-to-end on the app server: a msg injected on :2527 egressed via
# hcout2 (bind .108, helo hcmta02) and connected to the real gmail-smtp-in MX;
# the trucking transport_maps (randmap:{out05,out06,out07} = .94-.96) was
# unchanged.
#
# Idempotent + gated by `postfix check` with auto-rollback (mirrors mta_setup.sh).
set -euo pipefail

TS=$(date +%s)
MC=/etc/postfix/master.cf

echo "=== backup (.$TS) ==="
sudo cp "$MC" "$MC.bak.$TS"

# hc IP pool: port -> (smtp transport name, source IP octet, HELO label)
# 2526->hcout1/.107, 2527->hcout2/.108, 2528->hcout3/.109
echo "=== master.cf: add hc submission ports + per-IP transports ==="
sudo python3 - "$MC" <<'PY'
import sys
mc = open(sys.argv[1]).read()
add = []
pool = [
    (2526, 'hcout1', 107, 'hcmta01'),
    (2527, 'hcout2', 108, 'hcmta02'),
    (2528, 'hcout3', 109, 'hcmta03'),
]
if 'hcout1 unix' not in mc:
    add.append('')
    add.append('# === Healthcare HOT stream (dual-stream design) ===')
    add.append('# One submission port per hc IP; listmonk-hc round-robins the ports.')
    add.append('# FILTER forces each port onto its hc transport, overriding the global')
    add.append('# trucking transport_maps so hc mail never uses the .94-.96 pool.')
    for port, name, octet, helo in pool:
        # Submission listener: tag every message with FILTER -> the hc transport.
        add += [
            '%d      inet  n       -       y       -       -       smtpd' % port,
            '  -o syslog_name=postfix/hcsubmit%d' % octet,
            '  -o smtpd_client_restrictions=permit_mynetworks,reject',
            '  -o smtpd_recipient_restrictions=permit_mynetworks,reject_unauth_destination',
            '  -o smtpd_helo_required=no',
            '  -o content_filter=%s:' % name,
        ]
    for port, name, octet, helo in pool:
        # The hc smtp transport: bind the hc IP, hc HELO, hotter concurrency.
        add += [
            '%s unix - - y - - smtp' % name,
            '  -o smtp_bind_address=207.174.124.%d' % octet,
            '  -o smtp_helo_name=%s.performancewest.net' % helo,
            '  -o syslog_name=postfix/%s' % name,
            '  -o smtp_destination_concurrency_limit=10',
            '  -o smtp_destination_rate_delay=0s',
            '  -o smtp_destination_recipient_limit=20',
        ]
    mc = mc.rstrip('\n') + '\n' + '\n'.join(add) + '\n'
    open(sys.argv[1], 'w').write(mc)
    print('  master.cf updated (+%d lines)' % len(add))
else:
    print('  master.cf already has hc stream (no change)')
PY

echo "=== hc warmup stamp (drives the listmonk-hc ramp cap) ==="
[ -f /etc/postfix/hc-warmup-start ] || date +%s | sudo tee /etc/postfix/hc-warmup-start >/dev/null
echo "  hc-warmup-start: $(sudo cat /etc/postfix/hc-warmup-start)"

echo "=== postfix check (gate) ==="
if sudo postfix check 2>&1 | grep -viE 'not owned|^$'; then :; fi
if sudo postfix check >/dev/null 2>&1; then
  echo "CHECK OK"; sudo postfix reload && echo "RELOADED"
else
  echo "CHECK FAILED — rolling back"
  sudo cp "$MC.bak.$TS" "$MC"
  sudo postfix reload || true
  echo "ROLLED BACK"; exit 1
fi

echo "=== verify ==="
echo -n "hc transports: "; sudo grep -cE "^hcout[123] unix" "$MC"
for p in 2526 2527 2528; do
  echo -n ":$p "; sudo ss -ltn 2>/dev/null | grep -qE ":$p\b" && echo "LISTENING" || echo "(settling)"
done
echo "DONE."