mkdir -p './opt'
mkdir -p './perl/CPAN'
mkdir -p './phpmyadmin/conf.d'
+mkdir -p './postfix.old/dynamicmaps.cf.d'
+mkdir -p './postfix.old/sasl'
mkdir -p './postfix/dynamicmaps.cf.d'
mkdir -p './postfix/sasl'
mkdir -p './salt/proxy.d'
maybe chmod 0644 'phpmyadmin/phpmyadmin.desktop'
maybe chmod 0644 'phpmyadmin/phpmyadmin.service'
maybe chmod 0755 'postfix'
-maybe chmod 0644 'postfix/aliases'
-maybe chmod 0644 'postfix/aliases.db'
-maybe chgrp 'postfix' 'postfix/body_checks.pcre'
-maybe chmod 0640 'postfix/body_checks.pcre'
-maybe chmod 0755 'postfix/disclaimer'
-maybe chmod 0644 'postfix/disclaimer/default.txt'
+maybe chmod 0755 'postfix.old'
+maybe chmod 0644 'postfix.old/aliases'
+maybe chmod 0644 'postfix.old/aliases.db'
+maybe chgrp 'postfix' 'postfix.old/body_checks.pcre'
+maybe chmod 0640 'postfix.old/body_checks.pcre'
+maybe chmod 0755 'postfix.old/disclaimer'
+maybe chmod 0644 'postfix.old/disclaimer/default.txt'
+maybe chmod 0644 'postfix.old/dynamicmaps.cf'
+maybe chmod 0755 'postfix.old/dynamicmaps.cf.d'
+maybe chgrp 'postfix' 'postfix.old/header_checks'
+maybe chmod 0640 'postfix.old/header_checks'
+maybe chgrp 'postfix' 'postfix.old/helo_access.pcre'
+maybe chmod 0640 'postfix.old/helo_access.pcre'
+maybe chmod 0640 'postfix.old/helo_access.pcre.2016.07.20.08.58.54'
+maybe chmod 0644 'postfix.old/main.cf'
+maybe chmod 0644 'postfix.old/main.cf.2016.07.20.08.58.54'
+maybe chmod 0644 'postfix.old/main.cf.2016.07.20.09.03.50'
+maybe chmod 0644 'postfix.old/main.cf.2021-01-06_22-34-07'
+maybe chmod 0644 'postfix.old/main.cf.proto'
+maybe chmod 0644 'postfix.old/master.cf'
+maybe chmod 0644 'postfix.old/master.cf.2016.07.20.08.58.54'
+maybe chmod 0644 'postfix.old/master.cf.2016.07.20.09.03.50'
+maybe chmod 0644 'postfix.old/master.cf.proto'
+maybe chmod 0755 'postfix.old/mysql'
+maybe chgrp 'postfix' 'postfix.old/mysql/catchall_maps.cf'
+maybe chmod 0640 'postfix.old/mysql/catchall_maps.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/domain_alias_catchall_maps.cf'
+maybe chmod 0640 'postfix.old/mysql/domain_alias_catchall_maps.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/domain_alias_maps.cf'
+maybe chmod 0640 'postfix.old/mysql/domain_alias_maps.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/recipient_bcc_maps_domain.cf'
+maybe chmod 0640 'postfix.old/mysql/recipient_bcc_maps_domain.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/recipient_bcc_maps_user.cf'
+maybe chmod 0640 'postfix.old/mysql/recipient_bcc_maps_user.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/relay_domains.cf'
+maybe chmod 0640 'postfix.old/mysql/relay_domains.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/sender_bcc_maps_domain.cf'
+maybe chmod 0640 'postfix.old/mysql/sender_bcc_maps_domain.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/sender_bcc_maps_user.cf'
+maybe chmod 0640 'postfix.old/mysql/sender_bcc_maps_user.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/sender_dependent_relayhost_maps.cf'
+maybe chmod 0640 'postfix.old/mysql/sender_dependent_relayhost_maps.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/sender_login_maps.cf'
+maybe chmod 0640 'postfix.old/mysql/sender_login_maps.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/transport_maps_domain.cf'
+maybe chmod 0640 'postfix.old/mysql/transport_maps_domain.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/transport_maps_user.cf'
+maybe chmod 0640 'postfix.old/mysql/transport_maps_user.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/virtual_alias_maps.cf'
+maybe chmod 0640 'postfix.old/mysql/virtual_alias_maps.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/virtual_mailbox_domains.cf'
+maybe chmod 0640 'postfix.old/mysql/virtual_mailbox_domains.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/virtual_mailbox_maps.cf'
+maybe chmod 0640 'postfix.old/mysql/virtual_mailbox_maps.cf'
+maybe chmod 0755 'postfix.old/post-install'
+maybe chmod 0644 'postfix.old/postfix-files'
+maybe chmod 0755 'postfix.old/postfix-files.d'
+maybe chmod 0644 'postfix.old/postfix-files.d/mysql.files'
+maybe chmod 0644 'postfix.old/postfix-files.d/pcre.files'
+maybe chmod 0644 'postfix.old/postfix-files.d/sqlite.files'
+maybe chmod 0755 'postfix.old/postfix-script'
+maybe chmod 0644 'postfix.old/postscreen_access.cidr'
+maybe chmod 0644 'postfix.old/postscreen_dnsbl_reply'
+maybe chmod 0755 'postfix.old/sasl'
+maybe chgrp 'postfix' 'postfix.old/sender_access.pcre'
+maybe chmod 0640 'postfix.old/sender_access.pcre'
maybe chmod 0644 'postfix/dynamicmaps.cf'
maybe chmod 0755 'postfix/dynamicmaps.cf.d'
-maybe chgrp 'postfix' 'postfix/header_checks'
-maybe chmod 0640 'postfix/header_checks'
-maybe chgrp 'postfix' 'postfix/helo_access.pcre'
-maybe chmod 0640 'postfix/helo_access.pcre'
-maybe chmod 0640 'postfix/helo_access.pcre.2016.07.20.08.58.54'
maybe chmod 0644 'postfix/main.cf'
-maybe chmod 0644 'postfix/main.cf.2016.07.20.08.58.54'
-maybe chmod 0644 'postfix/main.cf.2016.07.20.09.03.50'
-maybe chmod 0644 'postfix/main.cf.2021-01-06_22-34-07'
maybe chmod 0644 'postfix/main.cf.proto'
maybe chmod 0644 'postfix/master.cf'
-maybe chmod 0644 'postfix/master.cf.2016.07.20.08.58.54'
-maybe chmod 0644 'postfix/master.cf.2016.07.20.09.03.50'
maybe chmod 0644 'postfix/master.cf.proto'
-maybe chmod 0755 'postfix/mysql'
-maybe chgrp 'postfix' 'postfix/mysql/catchall_maps.cf'
-maybe chmod 0640 'postfix/mysql/catchall_maps.cf'
-maybe chgrp 'postfix' 'postfix/mysql/domain_alias_catchall_maps.cf'
-maybe chmod 0640 'postfix/mysql/domain_alias_catchall_maps.cf'
-maybe chgrp 'postfix' 'postfix/mysql/domain_alias_maps.cf'
-maybe chmod 0640 'postfix/mysql/domain_alias_maps.cf'
-maybe chgrp 'postfix' 'postfix/mysql/recipient_bcc_maps_domain.cf'
-maybe chmod 0640 'postfix/mysql/recipient_bcc_maps_domain.cf'
-maybe chgrp 'postfix' 'postfix/mysql/recipient_bcc_maps_user.cf'
-maybe chmod 0640 'postfix/mysql/recipient_bcc_maps_user.cf'
-maybe chgrp 'postfix' 'postfix/mysql/relay_domains.cf'
-maybe chmod 0640 'postfix/mysql/relay_domains.cf'
-maybe chgrp 'postfix' 'postfix/mysql/sender_bcc_maps_domain.cf'
-maybe chmod 0640 'postfix/mysql/sender_bcc_maps_domain.cf'
-maybe chgrp 'postfix' 'postfix/mysql/sender_bcc_maps_user.cf'
-maybe chmod 0640 'postfix/mysql/sender_bcc_maps_user.cf'
-maybe chgrp 'postfix' 'postfix/mysql/sender_dependent_relayhost_maps.cf'
-maybe chmod 0640 'postfix/mysql/sender_dependent_relayhost_maps.cf'
-maybe chgrp 'postfix' 'postfix/mysql/sender_login_maps.cf'
-maybe chmod 0640 'postfix/mysql/sender_login_maps.cf'
-maybe chgrp 'postfix' 'postfix/mysql/transport_maps_domain.cf'
-maybe chmod 0640 'postfix/mysql/transport_maps_domain.cf'
-maybe chgrp 'postfix' 'postfix/mysql/transport_maps_user.cf'
-maybe chmod 0640 'postfix/mysql/transport_maps_user.cf'
-maybe chgrp 'postfix' 'postfix/mysql/virtual_alias_maps.cf'
-maybe chmod 0640 'postfix/mysql/virtual_alias_maps.cf'
-maybe chgrp 'postfix' 'postfix/mysql/virtual_mailbox_domains.cf'
-maybe chmod 0640 'postfix/mysql/virtual_mailbox_domains.cf'
-maybe chgrp 'postfix' 'postfix/mysql/virtual_mailbox_maps.cf'
-maybe chmod 0640 'postfix/mysql/virtual_mailbox_maps.cf'
+maybe chmod 0744 'postfix/mkpostfixcert'
maybe chmod 0755 'postfix/post-install'
+maybe chmod 0644 'postfix/postfix-cert.cnf'
maybe chmod 0644 'postfix/postfix-files'
maybe chmod 0755 'postfix/postfix-files.d'
-maybe chmod 0644 'postfix/postfix-files.d/mysql.files'
maybe chmod 0644 'postfix/postfix-files.d/pcre.files'
maybe chmod 0644 'postfix/postfix-files.d/sqlite.files'
maybe chmod 0755 'postfix/postfix-script'
-maybe chmod 0644 'postfix/postscreen_access.cidr'
-maybe chmod 0644 'postfix/postscreen_dnsbl_reply'
+maybe chmod 0600 'postfix/postfix.pem'
maybe chmod 0755 'postfix/sasl'
-maybe chgrp 'postfix' 'postfix/sender_access.pcre'
-maybe chmod 0640 'postfix/sender_access.pcre'
+maybe chmod 0600 'postfix/smtp_auth'
+maybe chmod 0600 'postfix/smtp_auth.db'
maybe chmod 0755 'ppp'
maybe chmod 0755 'ppp/ip-down.d'
maybe chmod 0755 'ppp/ip-down.d/bind9'
--- /dev/null
+# See man 5 aliases for format
+
+abuse: postmaster
+adm: root
+amavis: postmaster
+apache: webmaster
+apt: frank
+bind: hostmaster
+clamav: root
+daemon: root
+fail2ban: root
+f-brehm: frank
+f.brehm: frank
+fbr: frank
+fbrehm: frank
+frak: frank
+frank-brehm: frank
+frank.brehm: frank
+frank: frank@brehm-online.com
+hostmaster: root
+iredapd: root
+mail: postmaster
+mailer-daemon: postmaster
+me: frank
+nagios: root
+named: hostmaster
+news: root
+nginx: webmaster
+nobody: noreply
+noreply: /dev/null
+package: frank
+packages: frank
+portage: frank
+postfix: postmaster
+postmaster: frank@brehm-online.com
+root: frank
+security: root
+usenet: news
+uucp: root
+virusalert: root
+vmail: root
+webmaster: root
+www: webmaster
+www-data: webmaster
--- /dev/null
+# Postfix dynamic maps configuration file.
+#
+#type location of .so file open function (mkmap func)
+#==== ================================ ============= ============
+pcre postfix-pcre.so dict_pcre_open
+sqlite postfix-sqlite.so dict_sqlite_open
+mysql postfix-mysql.so dict_mysql_open
--- /dev/null
+#---------------------------------------------------------------------
+# This file is part of iRedMail, which is an open source mail server
+# solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu.
+#
+# iRedMail is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# iRedMail is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with iRedMail. If not, see <http://www.gnu.org/licenses/>.
+#---------------------------------------------------------------------
+
+#
+# Sample Postfix check_helo_access rule. It should be localted at:
+# /etc/postfix/check_helo_access.pcre
+#
+# Shipped within iRedMail project:
+# * http://www.iredmail.org/
+#
+# Thanks all contributer(s):
+# * muniao <at> gamil.
+#
+
+# Prepend HELO hostname of sender server
+#/(.*)/ PREPEND X-Original-Helo: $1 (iRedMail: http://www.iredmail.org/)
+
+/h1693891.stratoserver.net/ OK
+
+# No one will use these in helo command.
+/^(localhost)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/^(localhost.localdomain)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(\.local)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+
+# Reject who use IP address as helo.
+# Correct: [xxx.xxx.xxx.xxx]
+# Incorrect: xxx.xxx.xxx.xxx
+/^([0-9\.]+)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (${1})
+
+#
+# This is the real HELO identify of these ISPs:
+# sohu.com websmtp.sohu.com relay2nd.mail.sohu.com
+# 126.com m15-78.126.com
+# 163.com m31-189.vip.163.com m13-49.163.com
+# sina.com mail2-209.sinamail.sina.com.cn
+# gmail.com xx-out-NNNN.google.com
+/^(126\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
+/^(163\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
+/^(163\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
+/^(sohu\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
+/^(gmail\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
+/^(google\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
+/^(yahoo\.com\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
+/^(yahoo\.co\.jp)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
+
+#
+# Spammers.
+#
+/^(728154EA470B4AA\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(taj-co\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(CF8D3DB045C1455\.net)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(dsgsfdg\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(se\.nit7-ngbo\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(mail\.goo\.ne\.jp)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(n-ong_an\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(meqail\.teamefs-ine5tl\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(zzg\.jhf-sp\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(din_glo-ng\.net)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(fda-cnc\.ie\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(yrtaj-yrco\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(m\.am\.biz\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(xr_haig\.roup\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(hjn\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(we_blf\.com\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(netvigator\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(mysam\.biz)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(mail\.teams-intl\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(seningbo\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(nblf\.com\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(kdn\.ktguide\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(zzsp\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(nblongan\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(dpu\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(nbalton\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(cncie\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(xinhaigroup\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/^(wz\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/(\.zj\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+/(\.kornet)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
+
+/^(dsldevice\.lan)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/^(system\.mail)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/^(speedtouch\.lan)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/^(dsldevice\.lan)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+
+#
+# Reject adsl spammers.
+#
+# match word `adsl` with word boundary `\b`.
+/(\badsl\b)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
+/(\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3})/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
+/(\d{1,3}\.ip\.-\d{1,3}-\d{1,3}-\d{1,3}\.eu)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
+/(pppoe)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
+/(dsl\.brasiltelecom\.net\.br)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
+/(dsl\.optinet\.hr)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
+/(dsl\.telesp\.net\.br)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
+/(dialup)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
+/(dhcp)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
+/(static-pool-[\d\.-]*\.flagman\.zp\.ua)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
+
+/(speedy\.com\.ar)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
+/(speedyterra\.com\.br)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
+/(static\.sbb\.rs)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
+/(static\.vsnl\.net\.in)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
+
+/(advance\.com\.ar)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(airtelbroadband\.in)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(bb\.netvision\.net\.il)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(broadband3\.iol\.cz)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(cable\.net\.co)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(catv\.broadband\.hu)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(chello\.nl)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(chello\.sk)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(client\.mchsi\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(comunitel\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(coprosys\.cz)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(dclient\.hispeed\.ch)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(dip0\.t-ipconnect\.de)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(domain\.invalid)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(dyn\.centurytel\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(embarqhsd\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(emcali\.net\.co)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(epm\.net\.co)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(eutelia\.it)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(fastwebnet\.it)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(fibertel\.com\.ar)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(freedom2surf\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(hgcbroadband\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(HINET-IP\.hinet\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(infonet\.by)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(is74\.ru)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(kievnet\.com\.ua)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(metrotel\.net\.co)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(nw\.nuvox\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(pldt\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(pool\.invitel\.hu)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(pool\.ukrtel\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(pools\.arcor-ip\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(pppoe\.avangarddsl\.ru)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(retail\.telecomitalia\.it)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(revip2\.asianet\.co\.th)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(tim\.ro)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(tsi\.tychy\.pl)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(ttnet\.net\.tr)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(tttmaxnet\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(user\.veloxzone\.com\.br)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(utk\.ru)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(veloxzone\.com\.br)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(virtua\.com\.br)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(wanamaroc\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(wbt\.ru)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(wireless\.iaw\.on\.ca)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(business\.telecomitalia\.it)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(cotas\.com\.bo)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(marunouchi\.tokyo\.ocn\.ne\.jp)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(amedex\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
+/(aageneva\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
--- /dev/null
+# --------------------
+# INSTALL-TIME CONFIGURATION INFORMATION
+#
+# location of the Postfix queue. Default is /var/spool/postfix.
+queue_directory = /var/spool/postfix
+
+# location of all postXXX commands. Default is /usr/sbin.
+command_directory = /usr/sbin
+
+# location of all Postfix daemon programs (i.e. programs listed in the
+# master.cf file). This directory must be owned by root.
+# Default is /usr/libexec/postfix
+#daemon_directory = /usr/lib/postfix
+
+# location of Postfix-writable data files (caches, random numbers).
+# This directory must be owned by the mail_owner account (see below).
+# Default is /var/lib/postfix.
+data_directory = /var/lib/postfix
+
+# owner of the Postfix queue and of most Postfix daemon processes.
+# Specify the name of a user account THAT DOES NOT SHARE ITS USER OR GROUP ID
+# WITH OTHER ACCOUNTS AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.
+# In particular, don't specify nobody or daemon. PLEASE USE A DEDICATED USER.
+# Default is postfix.
+mail_owner = postfix
+
+# The following parameters are used when installing a new Postfix version.
+#
+# sendmail_path: The full pathname of the Postfix sendmail command.
+# This is the Sendmail-compatible mail posting interface.
+#
+sendmail_path = /usr/sbin/sendmail
+
+# newaliases_path: The full pathname of the Postfix newaliases command.
+# This is the Sendmail-compatible command to build alias databases.
+#
+newaliases_path = /usr/bin/newaliases
+
+# full pathname of the Postfix mailq command. This is the Sendmail-compatible
+# mail queue listing command.
+mailq_path = /usr/bin/mailq
+
+# group for mail submission and queue management commands.
+# This must be a group name with a numerical group ID that is not shared with
+# other accounts, not even with the Postfix account.
+setgid_group = postdrop
+
+# external command that is executed when a Postfix daemon program is run with
+# the -D option.
+#
+# Use "command .. & sleep 5" so that the debugger can attach before
+# the process marches on. If you use an X-based debugger, be sure to
+# set up your XAUTHORITY environment variable before starting Postfix.
+#
+debugger_command =
+ PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
+ ddd $daemon_directory/$process_name $process_id & sleep 5
+
+debug_peer_level = 2
+
+# --------------------
+# CUSTOM SETTINGS
+#
+
+# SMTP server response code when recipient or domain not found.
+unknown_local_recipient_reject_code = 550
+
+# Do not notify local user.
+biff = no
+
+# Disable the rewriting of "site!user" into "user@site".
+swap_bangpath = no
+
+# Disable the rewriting of the form "user%domain" to "user@domain".
+allow_percent_hack = no
+
+# Allow recipient address start with '-'.
+allow_min_user = no
+
+# Disable the SMTP VRFY command. This stops some techniques used to
+# harvest email addresses.
+disable_vrfy_command = yes
+
+# Enable both IPv4 and/or IPv6: ipv4, ipv6, all.
+inet_protocols = all
+
+# Enable all network interfaces.
+inet_interfaces = all
+
+#
+# TLS settings.
+#
+# SSL key, certificate, CA
+#
+smtpd_tls_key_file = /etc/letsencrypt/live/mail.uhu-banane.net/privkey.pem
+smtpd_tls_cert_file = /etc/letsencrypt/live/mail.uhu-banane.net/fullchain.pem
+smtpd_tls_CAfile = $smtpd_tls_cert_file
+
+#
+# Disable SSLv2, SSLv3
+#
+smtpd_tls_protocols = !SSLv2 !SSLv3
+smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
+smtp_tls_protocols = !SSLv2 !SSLv3
+smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
+lmtp_tls_protocols = !SSLv2 !SSLv3
+lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
+
+#
+# Fix 'The Logjam Attack'.
+#
+smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
+smtpd_tls_dh512_param_file = /etc/ssl/dh512_param.pem
+smtpd_tls_dh1024_param_file = /etc/ssl/dh2048_param.pem
+
+tls_random_source = dev:/dev/urandom
+
+# Log only a summary message on TLS handshake completion — no logging of client
+# certificate trust-chain verification errors if client certificate
+# verification is not required. With Postfix 2.8 and earlier, log the summary
+# message, peer certificate summary information and unconditionally log
+# trust-chain verification errors.
+smtp_tls_loglevel = 1
+smtpd_tls_loglevel = 1
+
+# Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do
+# not require that clients use TLS encryption.
+smtpd_tls_security_level = may
+
+# Produce `Received:` message headers that include information about the
+# protocol and cipher used, as well as the remote SMTP client CommonName and
+# client certificate issuer CommonName.
+# This is disabled by default, as the information may be modified in transit
+# through other mail servers. Only information that was recorded by the final
+# destination can be trusted.
+#smtpd_tls_received_header = yes
+
+# Opportunistic TLS, used when Postfix sends email to remote SMTP server.
+# Use TLS if this is supported by the remote SMTP server, otherwise use
+# plaintext.
+# References:
+# - http://www.postfix.org/TLS_README.html#client_tls_may
+# - http://www.postfix.org/postconf.5.html#smtp_tls_security_level
+smtp_tls_security_level = may
+
+# Use the same CA file as smtpd.
+smtp_tls_CAfile = $smtpd_tls_cert_file
+smtp_tls_note_starttls_offer = yes
+
+# Enable long, non-repeating, queue IDs (queue file names).
+# The benefit of non-repeating names is simpler logfile analysis and easier
+# queue migration (there is no need to run "postsuper" to change queue file
+# names that don't match their message file inode number).
+#enable_long_queue_ids = yes
+
+# Reject unlisted sender and recipient
+smtpd_reject_unlisted_recipient = yes
+smtpd_reject_unlisted_sender = yes
+
+# Header and body checks with PCRE table
+header_checks = pcre:/etc/postfix/header_checks
+body_checks = pcre:/etc/postfix/body_checks.pcre
+
+# HELO restriction
+smtpd_helo_required = yes
+smtpd_helo_restrictions =
+ permit_mynetworks
+ permit_sasl_authenticated
+ reject_non_fqdn_helo_hostname
+ reject_invalid_helo_hostname
+ check_helo_access pcre:/etc/postfix/helo_access.pcre
+
+# Sender restrictions
+smtpd_sender_restrictions =
+ reject_unknown_sender_domain
+ reject_non_fqdn_sender
+ reject_unlisted_sender
+ permit_mynetworks
+ permit_sasl_authenticated
+ check_sender_access pcre:/etc/postfix/sender_access.pcre
+
+# Recipient restrictions
+smtpd_recipient_restrictions =
+ reject_unknown_recipient_domain
+ reject_non_fqdn_recipient
+ reject_unlisted_recipient
+ permit_mynetworks
+ permit_sasl_authenticated
+ reject_unauth_destination
+
+ # check_policy_service inet:127.0.0.1:7777
+
+# Data restrictions
+smtpd_data_restrictions = reject_unauth_pipelining
+
+# END-OF-MESSAGE restrictions
+smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777
+
+proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps
+
+# Avoid duplicate recipient messages. Default is 'yes'.
+enable_original_recipient = no
+
+# Virtual support.
+virtual_minimum_uid = 2000
+virtual_uid_maps = static:2000
+virtual_gid_maps = static:2000
+virtual_mailbox_base = /home/vmail
+
+# Do not set virtual_alias_domains.
+virtual_alias_domains =
+
+#
+# Enable SASL authentication on port 25 and force TLS-encrypted SASL authentication.
+# WARNING: NOT RECOMMENDED to enable smtp auth on port 25, all end users should
+# be forced to submit email through port 587 instead.
+#
+#smtpd_sasl_auth_enable = yes
+#smtpd_tls_auth_only = yes
+#smtpd_sasl_security_options = noanonymous
+
+# hostname
+myhostname = mail.uhu-banane.net
+myorigin = mail.uhu-banane.net
+mydomain = uhu-banane.net
+
+# trusted SMTP clients which are allowed to relay mail through Postfix.
+#
+# Note: additional IP addresses/networks listed in mynetworks should be listed
+# in iRedAPD setting 'MYNETWORKS' too. for example:
+#
+# MYNETWORKS = ['xx.xx.xx.xx', 'xx.xx.xx.0/24', ...]
+#
+mynetworks = 127.0.0.1, 185.48.118.130, 10.12.20.5, [2001:6f8:1db7::5]
+
+# Accepted local emails
+mydestination = $myhostname, sarah.uhu-banane.de, localhost, localhost.localdomain
+
+alias_maps = hash:/etc/postfix/aliases
+alias_database = hash:/etc/postfix/aliases
+
+# Default message_size_limit.
+message_size_limit = 52428800
+
+# The set of characters that can separate a user name from its extension
+# (example: user+foo), or a .forward file name from its extension (example:
+# .forward+foo).
+# Postfix 2.11 and later supports multiple characters.
+recipient_delimiter = +
+
+#
+# Lookup virtual mail accounts
+#
+transport_maps =
+ proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf
+ proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
+
+sender_dependent_relayhost_maps =
+ proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf
+
+# Lookup table with the SASL login names that own the sender (MAIL FROM) addresses.
+smtpd_sender_login_maps =
+ proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
+
+virtual_mailbox_domains =
+ proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
+
+relay_domains =
+ $mydestination
+ proxy:mysql:/etc/postfix/mysql/relay_domains.cf
+
+virtual_mailbox_maps =
+ proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
+
+virtual_alias_maps =
+ proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf
+ proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf
+ proxy:mysql:/etc/postfix/mysql/catchall_maps.cf
+ proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
+
+sender_bcc_maps =
+ proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf
+ proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
+
+recipient_bcc_maps =
+ proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf
+ proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
+postscreen_dnsbl_threshold = 2
+postscreen_dnsbl_sites = zen.spamhaus.org*3 b.barracudacentral.org*2
+postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply
+postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
+postscreen_greet_action = enforce
+postscreen_dnsbl_action = enforce
+postscreen_blacklist_action = enforce
+postscreen_dnsbl_whitelist_threshold = -2
+#
+# Dovecot SASL support.
+#
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = private/dovecot-auth
+virtual_transport = dovecot
+dovecot_destination_recipient_limit = 1
+content_filter = smtp-amavis:[127.0.0.1]:10024
+smtp-amavis_destination_recipient_limit = 1
+mailbox_size_limit = 524288000
+smtpd_tls_received_header = yes
+
+# smtpd_milters = inet:localhost:8891
+# non_smtpd_milters = inet:localhost:8891
+
+smtpd_banner = $myhostname ESMTP $mail_name $mail_version
+smtpd_sasl_authenticated_header = yes
+smtp_tls_cert_file = $smtpd_tls_cert_file
+smtp_tls_key_file = $smtpd_tls_key_file
--- /dev/null
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific: Specifying a file name will cause the first
+# line of that file to be used as the name. The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+myhostname = sarah.uhu-banane.de
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = /etc/mailname
+mydestination = sarah.uhu-banane.de, localhost.uhu-banane.de, , localhost
+relayhost =
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
--- /dev/null
+# --------------------
+# INSTALL-TIME CONFIGURATION INFORMATION
+#
+# location of the Postfix queue. Default is /var/spool/postfix.
+queue_directory = /var/spool/postfix
+
+# location of all postXXX commands. Default is /usr/sbin.
+command_directory = /usr/sbin
+
+# location of all Postfix daemon programs (i.e. programs listed in the
+# master.cf file). This directory must be owned by root.
+# Default is /usr/libexec/postfix
+daemon_directory = /usr/lib/postfix
+
+# location of Postfix-writable data files (caches, random numbers).
+# This directory must be owned by the mail_owner account (see below).
+# Default is /var/lib/postfix.
+data_directory = /var/lib/postfix
+
+# owner of the Postfix queue and of most Postfix daemon processes.
+# Specify the name of a user account THAT DOES NOT SHARE ITS USER OR GROUP ID
+# WITH OTHER ACCOUNTS AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.
+# In particular, don't specify nobody or daemon. PLEASE USE A DEDICATED USER.
+# Default is postfix.
+mail_owner = postfix
+
+# The following parameters are used when installing a new Postfix version.
+#
+# sendmail_path: The full pathname of the Postfix sendmail command.
+# This is the Sendmail-compatible mail posting interface.
+#
+sendmail_path = /usr/sbin/sendmail
+
+# newaliases_path: The full pathname of the Postfix newaliases command.
+# This is the Sendmail-compatible command to build alias databases.
+#
+newaliases_path = /usr/bin/newaliases
+
+# full pathname of the Postfix mailq command. This is the Sendmail-compatible
+# mail queue listing command.
+mailq_path = /usr/bin/mailq
+
+# group for mail submission and queue management commands.
+# This must be a group name with a numerical group ID that is not shared with
+# other accounts, not even with the Postfix account.
+setgid_group = postdrop
+
+# external command that is executed when a Postfix daemon program is run with
+# the -D option.
+#
+# Use "command .. & sleep 5" so that the debugger can attach before
+# the process marches on. If you use an X-based debugger, be sure to
+# set up your XAUTHORITY environment variable before starting Postfix.
+#
+debugger_command =
+ PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
+ ddd $daemon_directory/$process_name $process_id & sleep 5
+
+debug_peer_level = 2
+
+# --------------------
+# CUSTOM SETTINGS
+#
+
+# SMTP server response code when recipient or domain not found.
+unknown_local_recipient_reject_code = 550
+
+# Do not notify local user.
+biff = no
+
+# Disable the rewriting of "site!user" into "user@site".
+swap_bangpath = no
+
+# Disable the rewriting of the form "user%domain" to "user@domain".
+allow_percent_hack = no
+
+# Allow recipient address start with '-'.
+allow_min_user = no
+
+# Disable the SMTP VRFY command. This stops some techniques used to
+# harvest email addresses.
+disable_vrfy_command = yes
+
+# Enable both IPv4 and/or IPv6: ipv4, ipv6, all.
+inet_protocols = all
+
+# Enable all network interfaces.
+inet_interfaces = all
+
+#
+# TLS settings.
+#
+# SSL key, certificate, CA
+#
+smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
+smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt
+smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt
+
+#
+# Disable SSLv2, SSLv3
+#
+smtpd_tls_protocols = !SSLv2 !SSLv3
+smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
+smtp_tls_protocols = !SSLv2 !SSLv3
+smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
+lmtp_tls_protocols = !SSLv2 !SSLv3
+lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
+
+#
+# Fix 'The Logjam Attack'.
+#
+smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
+smtpd_tls_dh512_param_file = /etc/ssl/dh512_param.pem
+smtpd_tls_dh1024_param_file = /etc/ssl/dh2048_param.pem
+
+tls_random_source = dev:/dev/urandom
+
+# Log only a summary message on TLS handshake completion — no logging of client
+# certificate trust-chain verification errors if client certificate
+# verification is not required. With Postfix 2.8 and earlier, log the summary
+# message, peer certificate summary information and unconditionally log
+# trust-chain verification errors.
+smtp_tls_loglevel = 1
+smtpd_tls_loglevel = 1
+
+# Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do
+# not require that clients use TLS encryption.
+smtpd_tls_security_level = may
+
+# Produce `Received:` message headers that include information about the
+# protocol and cipher used, as well as the remote SMTP client CommonName and
+# client certificate issuer CommonName.
+# This is disabled by default, as the information may be modified in transit
+# through other mail servers. Only information that was recorded by the final
+# destination can be trusted.
+#smtpd_tls_received_header = yes
+
+# Opportunistic TLS, used when Postfix sends email to remote SMTP server.
+# Use TLS if this is supported by the remote SMTP server, otherwise use
+# plaintext.
+# References:
+# - http://www.postfix.org/TLS_README.html#client_tls_may
+# - http://www.postfix.org/postconf.5.html#smtp_tls_security_level
+smtp_tls_security_level = may
+
+# Use the same CA file as smtpd.
+smtp_tls_CAfile = $smtpd_tls_CAfile
+smtp_tls_note_starttls_offer = yes
+
+# Enable long, non-repeating, queue IDs (queue file names).
+# The benefit of non-repeating names is simpler logfile analysis and easier
+# queue migration (there is no need to run "postsuper" to change queue file
+# names that don't match their message file inode number).
+#enable_long_queue_ids = yes
+
+# Reject unlisted sender and recipient
+smtpd_reject_unlisted_recipient = yes
+smtpd_reject_unlisted_sender = yes
+
+# Header and body checks with PCRE table
+header_checks = pcre:/etc/postfix/header_checks
+body_checks = pcre:/etc/postfix/body_checks.pcre
+
+# HELO restriction
+smtpd_helo_required = yes
+smtpd_helo_restrictions =
+ permit_mynetworks
+ permit_sasl_authenticated
+ reject_non_fqdn_helo_hostname
+ reject_invalid_helo_hostname
+ check_helo_access pcre:/etc/postfix/helo_access.pcre
+
+# Sender restrictions
+smtpd_sender_restrictions =
+ reject_unknown_sender_domain
+ reject_non_fqdn_sender
+ reject_unlisted_sender
+ permit_mynetworks
+ permit_sasl_authenticated
+ check_sender_access pcre:/etc/postfix/sender_access.pcre
+
+# Recipient restrictions
+smtpd_recipient_restrictions =
+ reject_unknown_recipient_domain
+ reject_non_fqdn_recipient
+ reject_unlisted_recipient
+ check_policy_service inet:127.0.0.1:7777
+ permit_mynetworks
+ permit_sasl_authenticated
+ reject_unauth_destination
+
+# Data restrictions
+smtpd_data_restrictions = reject_unauth_pipelining
+
+# END-OF-MESSAGE restrictions
+smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777
+
+proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps
+
+# Avoid duplicate recipient messages. Default is 'yes'.
+enable_original_recipient = no
+
+# Virtual support.
+virtual_minimum_uid = 2000
+virtual_uid_maps = static:2000
+virtual_gid_maps = static:2000
+virtual_mailbox_base = /home/vmail
+
+# Do not set virtual_alias_domains.
+virtual_alias_domains =
+
+#
+# Enable SASL authentication on port 25 and force TLS-encrypted SASL authentication.
+# WARNING: NOT RECOMMENDED to enable smtp auth on port 25, all end users should
+# be forced to submit email through port 587 instead.
+#
+#smtpd_sasl_auth_enable = yes
+#smtpd_tls_auth_only = yes
+#smtpd_sasl_security_options = noanonymous
+
+# hostname
+myhostname = sarah.uhu-banane.de
+myorigin = sarah.uhu-banane.de
+mydomain = sarah.uhu-banane.de
+
+# trusted SMTP clients which are allowed to relay mail through Postfix.
+#
+# Note: additional IP addresses/networks listed in mynetworks should be listed
+# in iRedAPD setting 'MYNETWORKS' too. for example:
+#
+# MYNETWORKS = ['xx.xx.xx.xx', 'xx.xx.xx.0/24', ...]
+#
+mynetworks = 127.0.0.1
+
+# Accepted local emails
+mydestination = $myhostname, localhost, localhost.localdomain
+
+alias_maps = hash:/etc/postfix/aliases
+alias_database = hash:/etc/postfix/aliases
+
+# Default message_size_limit.
+message_size_limit = 15728640
+
+# The set of characters that can separate a user name from its extension
+# (example: user+foo), or a .forward file name from its extension (example:
+# .forward+foo).
+# Postfix 2.11 and later supports multiple characters.
+recipient_delimiter = +
+
+#
+# Lookup virtual mail accounts
+#
+transport_maps =
+ proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf
+ proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
+
+sender_dependent_relayhost_maps =
+ proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf
+
+# Lookup table with the SASL login names that own the sender (MAIL FROM) addresses.
+smtpd_sender_login_maps =
+ proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
+
+virtual_mailbox_domains =
+ proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
+
+relay_domains =
+ $mydestination
+ proxy:mysql:/etc/postfix/mysql/relay_domains.cf
+
+virtual_mailbox_maps =
+ proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
+
+virtual_alias_maps =
+ proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf
+ proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf
+ proxy:mysql:/etc/postfix/mysql/catchall_maps.cf
+ proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
+
+sender_bcc_maps =
+ proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf
+ proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
+
+recipient_bcc_maps =
+ proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf
+ proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
--- /dev/null
+# --------------------
+# INSTALL-TIME CONFIGURATION INFORMATION
+#
+# location of the Postfix queue. Default is /var/spool/postfix.
+queue_directory = /var/spool/postfix
+
+# location of all postXXX commands. Default is /usr/sbin.
+command_directory = /usr/sbin
+
+# location of all Postfix daemon programs (i.e. programs listed in the
+# master.cf file). This directory must be owned by root.
+# Default is /usr/libexec/postfix
+#daemon_directory = /usr/lib/postfix
+
+# location of Postfix-writable data files (caches, random numbers).
+# This directory must be owned by the mail_owner account (see below).
+# Default is /var/lib/postfix.
+data_directory = /var/lib/postfix
+
+# owner of the Postfix queue and of most Postfix daemon processes.
+# Specify the name of a user account THAT DOES NOT SHARE ITS USER OR GROUP ID
+# WITH OTHER ACCOUNTS AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.
+# In particular, don't specify nobody or daemon. PLEASE USE A DEDICATED USER.
+# Default is postfix.
+mail_owner = postfix
+
+# The following parameters are used when installing a new Postfix version.
+#
+# sendmail_path: The full pathname of the Postfix sendmail command.
+# This is the Sendmail-compatible mail posting interface.
+#
+sendmail_path = /usr/sbin/sendmail
+
+# newaliases_path: The full pathname of the Postfix newaliases command.
+# This is the Sendmail-compatible command to build alias databases.
+#
+newaliases_path = /usr/bin/newaliases
+
+# full pathname of the Postfix mailq command. This is the Sendmail-compatible
+# mail queue listing command.
+mailq_path = /usr/bin/mailq
+
+# group for mail submission and queue management commands.
+# This must be a group name with a numerical group ID that is not shared with
+# other accounts, not even with the Postfix account.
+setgid_group = postdrop
+
+# external command that is executed when a Postfix daemon program is run with
+# the -D option.
+#
+# Use "command .. & sleep 5" so that the debugger can attach before
+# the process marches on. If you use an X-based debugger, be sure to
+# set up your XAUTHORITY environment variable before starting Postfix.
+#
+debugger_command =
+ PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
+ ddd $daemon_directory/$process_name $process_id & sleep 5
+
+debug_peer_level = 2
+
+# --------------------
+# CUSTOM SETTINGS
+#
+
+# SMTP server response code when recipient or domain not found.
+unknown_local_recipient_reject_code = 550
+
+# Do not notify local user.
+biff = no
+
+# Disable the rewriting of "site!user" into "user@site".
+swap_bangpath = no
+
+# Disable the rewriting of the form "user%domain" to "user@domain".
+allow_percent_hack = no
+
+# Allow recipient address start with '-'.
+allow_min_user = no
+
+# Disable the SMTP VRFY command. This stops some techniques used to
+# harvest email addresses.
+disable_vrfy_command = yes
+
+# Enable both IPv4 and/or IPv6: ipv4, ipv6, all.
+inet_protocols = all
+
+# Enable all network interfaces.
+inet_interfaces = all
+
+#
+# TLS settings.
+#
+# SSL key, certificate, CA
+#
+smtpd_tls_key_file = /etc/letsencrypt/live/mail.uhu-banane.net/privkey.pem
+smtpd_tls_cert_file = /etc/letsencrypt/live/mail.uhu-banane.net/fullchain.pem
+smtpd_tls_CAfile = $smtpd_tls_cert_file
+
+#
+# Disable SSLv2, SSLv3
+#
+smtpd_tls_protocols = !SSLv2 !SSLv3
+smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
+smtp_tls_protocols = !SSLv2 !SSLv3
+smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
+lmtp_tls_protocols = !SSLv2 !SSLv3
+lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
+
+#
+# Fix 'The Logjam Attack'.
+#
+smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
+smtpd_tls_dh512_param_file = /etc/ssl/dh512_param.pem
+smtpd_tls_dh1024_param_file = /etc/ssl/dh2048_param.pem
+
+tls_random_source = dev:/dev/urandom
+
+# Log only a summary message on TLS handshake completion — no logging of client
+# certificate trust-chain verification errors if client certificate
+# verification is not required. With Postfix 2.8 and earlier, log the summary
+# message, peer certificate summary information and unconditionally log
+# trust-chain verification errors.
+smtp_tls_loglevel = 1
+smtpd_tls_loglevel = 1
+
+# Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do
+# not require that clients use TLS encryption.
+smtpd_tls_security_level = may
+
+# Produce `Received:` message headers that include information about the
+# protocol and cipher used, as well as the remote SMTP client CommonName and
+# client certificate issuer CommonName.
+# This is disabled by default, as the information may be modified in transit
+# through other mail servers. Only information that was recorded by the final
+# destination can be trusted.
+#smtpd_tls_received_header = yes
+
+# Opportunistic TLS, used when Postfix sends email to remote SMTP server.
+# Use TLS if this is supported by the remote SMTP server, otherwise use
+# plaintext.
+# References:
+# - http://www.postfix.org/TLS_README.html#client_tls_may
+# - http://www.postfix.org/postconf.5.html#smtp_tls_security_level
+smtp_tls_security_level = may
+
+# Use the same CA file as smtpd.
+smtp_tls_CAfile = $smtpd_tls_cert_file
+smtp_tls_note_starttls_offer = yes
+
+# Enable long, non-repeating, queue IDs (queue file names).
+# The benefit of non-repeating names is simpler logfile analysis and easier
+# queue migration (there is no need to run "postsuper" to change queue file
+# names that don't match their message file inode number).
+#enable_long_queue_ids = yes
+
+# Reject unlisted sender and recipient
+smtpd_reject_unlisted_recipient = yes
+smtpd_reject_unlisted_sender = yes
+
+# Header and body checks with PCRE table
+header_checks = pcre:/etc/postfix/header_checks
+body_checks = pcre:/etc/postfix/body_checks.pcre
+
+# HELO restriction
+smtpd_helo_required = yes
+smtpd_helo_restrictions =
+ permit_mynetworks
+ permit_sasl_authenticated
+ reject_non_fqdn_helo_hostname
+ reject_invalid_helo_hostname
+ check_helo_access pcre:/etc/postfix/helo_access.pcre
+
+# Sender restrictions
+smtpd_sender_restrictions =
+ reject_unknown_sender_domain
+ reject_non_fqdn_sender
+ reject_unlisted_sender
+ permit_mynetworks
+ permit_sasl_authenticated
+ check_sender_access pcre:/etc/postfix/sender_access.pcre
+
+# Recipient restrictions
+smtpd_recipient_restrictions =
+ reject_unknown_recipient_domain
+ reject_non_fqdn_recipient
+ reject_unlisted_recipient
+ check_policy_service inet:127.0.0.1:7777
+ permit_mynetworks
+ permit_sasl_authenticated
+ reject_unauth_destination
+
+# Data restrictions
+smtpd_data_restrictions = reject_unauth_pipelining
+
+# END-OF-MESSAGE restrictions
+smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777
+
+proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps
+
+# Avoid duplicate recipient messages. Default is 'yes'.
+enable_original_recipient = no
+
+# Virtual support.
+virtual_minimum_uid = 2000
+virtual_uid_maps = static:2000
+virtual_gid_maps = static:2000
+virtual_mailbox_base = /home/vmail
+
+# Do not set virtual_alias_domains.
+virtual_alias_domains =
+
+#
+# Enable SASL authentication on port 25 and force TLS-encrypted SASL authentication.
+# WARNING: NOT RECOMMENDED to enable smtp auth on port 25, all end users should
+# be forced to submit email through port 587 instead.
+#
+#smtpd_sasl_auth_enable = yes
+#smtpd_tls_auth_only = yes
+#smtpd_sasl_security_options = noanonymous
+
+# hostname
+myhostname = mail.uhu-banane.net
+myorigin = mail.uhu-banane.net
+mydomain = uhu-banane.net
+
+# trusted SMTP clients which are allowed to relay mail through Postfix.
+#
+# Note: additional IP addresses/networks listed in mynetworks should be listed
+# in iRedAPD setting 'MYNETWORKS' too. for example:
+#
+# MYNETWORKS = ['xx.xx.xx.xx', 'xx.xx.xx.0/24', ...]
+#
+mynetworks = 127.0.0.1, 185.48.118.130, 10.12.20.5, [2001:6f8:1db7::5]
+
+# Accepted local emails
+mydestination = $myhostname, sarah.uhu-banane.de, localhost, localhost.localdomain
+
+alias_maps = hash:/etc/postfix/aliases
+alias_database = hash:/etc/postfix/aliases
+
+# Default message_size_limit.
+message_size_limit = 52428800
+
+# The set of characters that can separate a user name from its extension
+# (example: user+foo), or a .forward file name from its extension (example:
+# .forward+foo).
+# Postfix 2.11 and later supports multiple characters.
+recipient_delimiter = +
+
+#
+# Lookup virtual mail accounts
+#
+transport_maps =
+ proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf
+ proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
+
+sender_dependent_relayhost_maps =
+ proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf
+
+# Lookup table with the SASL login names that own the sender (MAIL FROM) addresses.
+smtpd_sender_login_maps =
+ proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
+
+virtual_mailbox_domains =
+ proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
+
+relay_domains =
+ $mydestination
+ proxy:mysql:/etc/postfix/mysql/relay_domains.cf
+
+virtual_mailbox_maps =
+ proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
+
+virtual_alias_maps =
+ proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf
+ proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf
+ proxy:mysql:/etc/postfix/mysql/catchall_maps.cf
+ proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
+
+sender_bcc_maps =
+ proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf
+ proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
+
+recipient_bcc_maps =
+ proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf
+ proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
+postscreen_dnsbl_threshold = 2
+postscreen_dnsbl_sites = zen.spamhaus.org*3 b.barracudacentral.org*2
+postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply
+postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
+postscreen_greet_action = enforce
+postscreen_dnsbl_action = enforce
+postscreen_blacklist_action = enforce
+postscreen_dnsbl_whitelist_threshold = -2
+#
+# Dovecot SASL support.
+#
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = private/dovecot-auth
+virtual_transport = dovecot
+dovecot_destination_recipient_limit = 1
+content_filter = smtp-amavis:[127.0.0.1]:10024
+smtp-amavis_destination_recipient_limit = 1
+mailbox_size_limit = 524288000
+smtpd_tls_received_header = yes
+
+# smtpd_milters = inet:localhost:8891
+# non_smtpd_milters = inet:localhost:8891
+
+smtpd_banner = $myhostname ESMTP $mail_name $mail_version
+smtpd_sasl_authenticated_header = yes
+smtp_tls_cert_file = $smtpd_tls_cert_file
+smtp_tls_key_file = $smtpd_tls_key_file
--- /dev/null
+# Global Postfix configuration file. This file lists only a subset
+# of all parameters. For the syntax, and for a complete parameter
+# list, see the postconf(5) manual page (command: "man 5 postconf").
+#
+# For common configuration examples, see BASIC_CONFIGURATION_README
+# and STANDARD_CONFIGURATION_README. To find these documents, use
+# the command "postconf html_directory readme_directory", or go to
+# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc.
+#
+# For best results, change no more than 2-3 parameters at a time,
+# and test if Postfix still works after every change.
+
+# COMPATIBILITY
+#
+# The compatibility_level determines what default settings Postfix
+# will use for main.cf and master.cf settings. These defaults will
+# change over time.
+#
+# To avoid breaking things, Postfix will use backwards-compatible
+# default settings and log where it uses those old backwards-compatible
+# default settings, until the system administrator has determined
+# if any backwards-compatible default settings need to be made
+# permanent in main.cf or master.cf.
+#
+# When this review is complete, update the compatibility_level setting
+# below as recommended in the RELEASE_NOTES file.
+#
+# The level below is what should be used with new (not upgrade) installs.
+#
+compatibility_level = 2
+
+# SOFT BOUNCE
+#
+# The soft_bounce parameter provides a limited safety net for
+# testing. When soft_bounce is enabled, mail will remain queued that
+# would otherwise bounce. This parameter disables locally-generated
+# bounces, and prevents the SMTP server from rejecting mail permanently
+# (by changing 5xx replies into 4xx replies). However, soft_bounce
+# is no cure for address rewriting mistakes or mail routing mistakes.
+#
+#soft_bounce = no
+
+# LOCAL PATHNAME INFORMATION
+#
+# The queue_directory specifies the location of the Postfix queue.
+# This is also the root directory of Postfix daemons that run chrooted.
+# See the files in examples/chroot-setup for setting up Postfix chroot
+# environments on different UNIX systems.
+#
+#queue_directory = /var/spool/postfix
+
+# The command_directory parameter specifies the location of all
+# postXXX commands.
+#
+command_directory = /usr/sbin
+
+# The daemon_directory parameter specifies the location of all Postfix
+# daemon programs (i.e. programs listed in the master.cf file). This
+# directory must be owned by root.
+#
+daemon_directory = /usr/lib/postfix/sbin
+
+# The data_directory parameter specifies the location of Postfix-writable
+# data files (caches, random numbers). This directory must be owned
+# by the mail_owner account (see below).
+#
+data_directory = /var/lib/postfix
+
+# QUEUE AND PROCESS OWNERSHIP
+#
+# The mail_owner parameter specifies the owner of the Postfix queue
+# and of most Postfix daemon processes. Specify the name of a user
+# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
+# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
+# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
+# USER.
+#
+#mail_owner = postfix
+
+# The default_privs parameter specifies the default rights used by
+# the local delivery agent for delivery to external file or command.
+# These rights are used in the absence of a recipient user context.
+# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
+#
+#default_privs = nobody
+
+# INTERNET HOST AND DOMAIN NAMES
+#
+# The myhostname parameter specifies the internet hostname of this
+# mail system. The default is to use the fully-qualified domain name
+# from gethostname(). $myhostname is used as a default value for many
+# other configuration parameters.
+#
+#myhostname = host.domain.tld
+#myhostname = virtual.domain.tld
+
+# The mydomain parameter specifies the local internet domain name.
+# The default is to use $myhostname minus the first component.
+# $mydomain is used as a default value for many other configuration
+# parameters.
+#
+#mydomain = domain.tld
+
+# SENDING MAIL
+#
+# The myorigin parameter specifies the domain that locally-posted
+# mail appears to come from. The default is to append $myhostname,
+# which is fine for small sites. If you run a domain with multiple
+# machines, you should (1) change this to $mydomain and (2) set up
+# a domain-wide alias database that aliases each user to
+# user@that.users.mailhost.
+#
+# For the sake of consistency between sender and recipient addresses,
+# myorigin also specifies the default domain name that is appended
+# to recipient addresses that have no @domain part.
+#
+# Debian GNU/Linux specific: Specifying a file name will cause the
+# first line of that file to be used as the name. The Debian default
+# is /etc/mailname.
+#
+#myorigin = /etc/mailname
+#myorigin = $myhostname
+#myorigin = $mydomain
+
+# RECEIVING MAIL
+
+# The inet_interfaces parameter specifies the network interface
+# addresses that this mail system receives mail on. By default,
+# the software claims all active interfaces on the machine. The
+# parameter also controls delivery of mail to user@[ip.address].
+#
+# See also the proxy_interfaces parameter, for network addresses that
+# are forwarded to us via a proxy or network address translator.
+#
+# Note: you need to stop/start Postfix when this parameter changes.
+#
+#inet_interfaces = all
+#inet_interfaces = $myhostname
+#inet_interfaces = $myhostname, localhost
+
+# The proxy_interfaces parameter specifies the network interface
+# addresses that this mail system receives mail on by way of a
+# proxy or network address translation unit. This setting extends
+# the address list specified with the inet_interfaces parameter.
+#
+# You must specify your proxy/NAT addresses when your system is a
+# backup MX host for other domains, otherwise mail delivery loops
+# will happen when the primary MX host is down.
+#
+#proxy_interfaces =
+#proxy_interfaces = 1.2.3.4
+
+# The mydestination parameter specifies the list of domains that this
+# machine considers itself the final destination for.
+#
+# These domains are routed to the delivery agent specified with the
+# local_transport parameter setting. By default, that is the UNIX
+# compatible delivery agent that lookups all recipients in /etc/passwd
+# and /etc/aliases or their equivalent.
+#
+# The default is $myhostname + localhost.$mydomain + localhost. On
+# a mail domain gateway, you should also include $mydomain.
+#
+# Do not specify the names of virtual domains - those domains are
+# specified elsewhere (see VIRTUAL_README).
+#
+# Do not specify the names of domains that this machine is backup MX
+# host for. Specify those names via the relay_domains settings for
+# the SMTP server, or use permit_mx_backup if you are lazy (see
+# STANDARD_CONFIGURATION_README).
+#
+# The local machine is always the final destination for mail addressed
+# to user@[the.net.work.address] of an interface that the mail system
+# receives mail on (see the inet_interfaces parameter).
+#
+# Specify a list of host or domain names, /file/name or type:table
+# patterns, separated by commas and/or whitespace. A /file/name
+# pattern is replaced by its contents; a type:table is matched when
+# a name matches a lookup key (the right-hand side is ignored).
+# Continue long lines by starting the next line with whitespace.
+#
+# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
+#
+#mydestination = $myhostname, localhost.$mydomain, localhost
+#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
+#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
+# mail.$mydomain, www.$mydomain, ftp.$mydomain
+
+# REJECTING MAIL FOR UNKNOWN LOCAL USERS
+#
+# The local_recipient_maps parameter specifies optional lookup tables
+# with all names or addresses of users that are local with respect
+# to $mydestination, $inet_interfaces or $proxy_interfaces.
+#
+# If this parameter is defined, then the SMTP server will reject
+# mail for unknown local users. This parameter is defined by default.
+#
+# To turn off local recipient checking in the SMTP server, specify
+# local_recipient_maps = (i.e. empty).
+#
+# The default setting assumes that you use the default Postfix local
+# delivery agent for local delivery. You need to update the
+# local_recipient_maps setting if:
+#
+# - You define $mydestination domain recipients in files other than
+# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
+# For example, you define $mydestination domain recipients in
+# the $virtual_mailbox_maps files.
+#
+# - You redefine the local delivery agent in master.cf.
+#
+# - You redefine the "local_transport" setting in main.cf.
+#
+# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
+# feature of the Postfix local delivery agent (see local(8)).
+#
+# Details are described in the LOCAL_RECIPIENT_README file.
+#
+# Beware: if the Postfix SMTP server runs chrooted, you probably have
+# to access the passwd file via the proxymap service, in order to
+# overcome chroot restrictions. The alternative, having a copy of
+# the system passwd file in the chroot jail is just not practical.
+#
+# The right-hand side of the lookup tables is conveniently ignored.
+# In the left-hand side, specify a bare username, an @domain.tld
+# wild-card, or specify a user@domain.tld address.
+#
+#local_recipient_maps = unix:passwd.byname $alias_maps
+#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
+#local_recipient_maps =
+
+# The unknown_local_recipient_reject_code specifies the SMTP server
+# response code when a recipient domain matches $mydestination or
+# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
+# and the recipient address or address local-part is not found.
+#
+# The default setting is 550 (reject mail) but it is safer to start
+# with 450 (try again later) until you are certain that your
+# local_recipient_maps settings are OK.
+#
+unknown_local_recipient_reject_code = 550
+
+# TRUST AND RELAY CONTROL
+
+# The mynetworks parameter specifies the list of "trusted" SMTP
+# clients that have more privileges than "strangers".
+#
+# In particular, "trusted" SMTP clients are allowed to relay mail
+# through Postfix. See the smtpd_recipient_restrictions parameter
+# in postconf(5).
+#
+# You can specify the list of "trusted" network addresses by hand
+# or you can let Postfix do it for you (which is the default).
+#
+# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
+# clients in the same IP subnetworks as the local machine.
+# On Linux, this does works correctly only with interfaces specified
+# with the "ifconfig" command.
+#
+# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
+# clients in the same IP class A/B/C networks as the local machine.
+# Don't do this with a dialup site - it would cause Postfix to "trust"
+# your entire provider's network. Instead, specify an explicit
+# mynetworks list by hand, as described below.
+#
+# Specify "mynetworks_style = host" when Postfix should "trust"
+# only the local machine.
+#
+#mynetworks_style = class
+#mynetworks_style = subnet
+#mynetworks_style = host
+
+# Alternatively, you can specify the mynetworks list by hand, in
+# which case Postfix ignores the mynetworks_style setting.
+#
+# Specify an explicit list of network/netmask patterns, where the
+# mask specifies the number of bits in the network part of a host
+# address.
+#
+# You can also specify the absolute pathname of a pattern file instead
+# of listing the patterns here. Specify type:table for table-based lookups
+# (the value on the table right-hand side is not used).
+#
+#mynetworks = 168.100.189.0/28, 127.0.0.0/8
+#mynetworks = $config_directory/mynetworks
+#mynetworks = hash:/etc/postfix/network_table
+mynetworks = 127.0.0.0/8
+
+# The relay_domains parameter restricts what destinations this system will
+# relay mail to. See the smtpd_recipient_restrictions description in
+# postconf(5) for detailed information.
+#
+# By default, Postfix relays mail
+# - from "trusted" clients (IP address matches $mynetworks) to any destination,
+# - from "untrusted" clients to destinations that match $relay_domains or
+# subdomains thereof, except addresses with sender-specified routing.
+# The default relay_domains value is $mydestination.
+#
+# In addition to the above, the Postfix SMTP server by default accepts mail
+# that Postfix is final destination for:
+# - destinations that match $inet_interfaces or $proxy_interfaces,
+# - destinations that match $mydestination
+# - destinations that match $virtual_alias_domains,
+# - destinations that match $virtual_mailbox_domains.
+# These destinations do not need to be listed in $relay_domains.
+#
+# Specify a list of hosts or domains, /file/name patterns or type:name
+# lookup tables, separated by commas and/or whitespace. Continue
+# long lines by starting the next line with whitespace. A file name
+# is replaced by its contents; a type:name table is matched when a
+# (parent) domain appears as lookup key.
+#
+# NOTE: Postfix will not automatically forward mail for domains that
+# list this system as their primary or backup MX host. See the
+# permit_mx_backup restriction description in postconf(5).
+#
+#relay_domains = $mydestination
+
+# INTERNET OR INTRANET
+
+# The relayhost parameter specifies the default host to send mail to
+# when no entry is matched in the optional transport(5) table. When
+# no relayhost is given, mail is routed directly to the destination.
+#
+# On an intranet, specify the organizational domain name. If your
+# internal DNS uses no MX records, specify the name of the intranet
+# gateway host instead.
+#
+# In the case of SMTP, specify a domain, host, host:port, [host]:port,
+# [address] or [address]:port; the form [host] turns off MX lookups.
+#
+# If you're connected via UUCP, see also the default_transport parameter.
+#
+#relayhost = $mydomain
+#relayhost = [gateway.my.domain]
+#relayhost = [mailserver.isp.tld]
+#relayhost = uucphost
+#relayhost = [an.ip.add.ress]
+
+# REJECTING UNKNOWN RELAY USERS
+#
+# The relay_recipient_maps parameter specifies optional lookup tables
+# with all addresses in the domains that match $relay_domains.
+#
+# If this parameter is defined, then the SMTP server will reject
+# mail for unknown relay users. This feature is off by default.
+#
+# The right-hand side of the lookup tables is conveniently ignored.
+# In the left-hand side, specify an @domain.tld wild-card, or specify
+# a user@domain.tld address.
+#
+#relay_recipient_maps = hash:/etc/postfix/relay_recipients
+
+# INPUT RATE CONTROL
+#
+# The in_flow_delay configuration parameter implements mail input
+# flow control. This feature is turned on by default, although it
+# still needs further development (it's disabled on SCO UNIX due
+# to an SCO bug).
+#
+# A Postfix process will pause for $in_flow_delay seconds before
+# accepting a new message, when the message arrival rate exceeds the
+# message delivery rate. With the default 100 SMTP server process
+# limit, this limits the mail inflow to 100 messages a second more
+# than the number of messages delivered per second.
+#
+# Specify 0 to disable the feature. Valid delays are 0..10.
+#
+#in_flow_delay = 1s
+
+# ADDRESS REWRITING
+#
+# The ADDRESS_REWRITING_README document gives information about
+# address masquerading or other forms of address rewriting including
+# username->Firstname.Lastname mapping.
+
+# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
+#
+# The VIRTUAL_README document gives information about the many forms
+# of domain hosting that Postfix supports.
+
+# "USER HAS MOVED" BOUNCE MESSAGES
+#
+# See the discussion in the ADDRESS_REWRITING_README document.
+
+# TRANSPORT MAP
+#
+# See the discussion in the ADDRESS_REWRITING_README document.
+
+# ALIAS DATABASE
+#
+# The alias_maps parameter specifies the list of alias databases used
+# by the local delivery agent. The default list is system dependent.
+#
+# On systems with NIS, the default is to search the local alias
+# database, then the NIS alias database. See aliases(5) for syntax
+# details.
+#
+# If you change the alias database, run "postalias /etc/aliases" (or
+# wherever your system stores the mail alias file), or simply run
+# "newaliases" to build the necessary DBM or DB file.
+#
+# It will take a minute or so before changes become visible. Use
+# "postfix reload" to eliminate the delay.
+#
+#alias_maps = dbm:/etc/aliases
+#alias_maps = hash:/etc/aliases
+#alias_maps = hash:/etc/aliases, nis:mail.aliases
+#alias_maps = netinfo:/aliases
+
+# The alias_database parameter specifies the alias database(s) that
+# are built with "newaliases" or "sendmail -bi". This is a separate
+# configuration parameter, because alias_maps (see above) may specify
+# tables that are not necessarily all under control by Postfix.
+#
+#alias_database = dbm:/etc/aliases
+#alias_database = dbm:/etc/mail/aliases
+#alias_database = hash:/etc/aliases
+#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
+
+# ADDRESS EXTENSIONS (e.g., user+foo)
+#
+# The recipient_delimiter parameter specifies the separator between
+# user names and address extensions (user+foo). See canonical(5),
+# local(8), relocated(5) and virtual(5) for the effects this has on
+# aliases, canonical, virtual, relocated and .forward file lookups.
+# Basically, the software tries user+foo and .forward+foo before
+# trying user and .forward.
+#
+#recipient_delimiter = +
+
+# DELIVERY TO MAILBOX
+#
+# The home_mailbox parameter specifies the optional pathname of a
+# mailbox file relative to a user's home directory. The default
+# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
+# "Maildir/" for qmail-style delivery (the / is required).
+#
+#home_mailbox = Mailbox
+#home_mailbox = Maildir/
+
+# The mail_spool_directory parameter specifies the directory where
+# UNIX-style mailboxes are kept. The default setting depends on the
+# system type.
+#
+#mail_spool_directory = /var/mail
+#mail_spool_directory = /var/spool/mail
+
+# The mailbox_command parameter specifies the optional external
+# command to use instead of mailbox delivery. The command is run as
+# the recipient with proper HOME, SHELL and LOGNAME environment settings.
+# Exception: delivery for root is done as $default_user.
+#
+# Other environment variables of interest: USER (recipient username),
+# EXTENSION (address extension), DOMAIN (domain part of address),
+# and LOCAL (the address localpart).
+#
+# Unlike other Postfix configuration parameters, the mailbox_command
+# parameter is not subjected to $parameter substitutions. This is to
+# make it easier to specify shell syntax (see example below).
+#
+# Avoid shell meta characters because they will force Postfix to run
+# an expensive shell process. Procmail alone is expensive enough.
+#
+# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
+# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
+#
+#mailbox_command = /usr/bin/procmail
+#mailbox_command = /usr/bin/procmail -a "$EXTENSION"
+
+# The mailbox_transport specifies the optional transport in master.cf
+# to use after processing aliases and .forward files. This parameter
+# has precedence over the mailbox_command, fallback_transport and
+# luser_relay parameters.
+#
+# Specify a string of the form transport:nexthop, where transport is
+# the name of a mail delivery transport defined in master.cf. The
+# :nexthop part is optional. For more details see the sample transport
+# configuration file.
+#
+# NOTE: if you use this feature for accounts not in the UNIX password
+# file, then you must update the "local_recipient_maps" setting in
+# the main.cf file, otherwise the SMTP server will reject mail for
+# non-UNIX accounts with "User unknown in local recipient table".
+#
+# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd"
+# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
+#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
+#
+# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
+# subsequent line in master.cf.
+#mailbox_transport = cyrus
+
+# The fallback_transport specifies the optional transport in master.cf
+# to use for recipients that are not found in the UNIX passwd database.
+# This parameter has precedence over the luser_relay parameter.
+#
+# Specify a string of the form transport:nexthop, where transport is
+# the name of a mail delivery transport defined in master.cf. The
+# :nexthop part is optional. For more details see the sample transport
+# configuration file.
+#
+# NOTE: if you use this feature for accounts not in the UNIX password
+# file, then you must update the "local_recipient_maps" setting in
+# the main.cf file, otherwise the SMTP server will reject mail for
+# non-UNIX accounts with "User unknown in local recipient table".
+#
+#fallback_transport = lmtp:unix:/file/name
+#fallback_transport = cyrus
+#fallback_transport =
+
+# The luser_relay parameter specifies an optional destination address
+# for unknown recipients. By default, mail for unknown@$mydestination,
+# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
+# as undeliverable.
+#
+# The following expansions are done on luser_relay: $user (recipient
+# username), $shell (recipient shell), $home (recipient home directory),
+# $recipient (full recipient address), $extension (recipient address
+# extension), $domain (recipient domain), $local (entire recipient
+# localpart), $recipient_delimiter. Specify ${name?value} or
+# ${name:value} to expand value only when $name does (does not) exist.
+#
+# luser_relay works only for the default Postfix local delivery agent.
+#
+# NOTE: if you use this feature for accounts not in the UNIX password
+# file, then you must specify "local_recipient_maps =" (i.e. empty) in
+# the main.cf file, otherwise the SMTP server will reject mail for
+# non-UNIX accounts with "User unknown in local recipient table".
+#
+#luser_relay = $user@other.host
+#luser_relay = $local@other.host
+#luser_relay = admin+$local
+
+# JUNK MAIL CONTROLS
+#
+# The controls listed here are only a very small subset. The file
+# SMTPD_ACCESS_README provides an overview.
+
+# The header_checks parameter specifies an optional table with patterns
+# that each logical message header is matched against, including
+# headers that span multiple physical lines.
+#
+# By default, these patterns also apply to MIME headers and to the
+# headers of attached messages. With older Postfix versions, MIME and
+# attached message headers were treated as body text.
+#
+# For details, see "man header_checks".
+#
+#header_checks = regexp:/etc/postfix/header_checks
+
+# FAST ETRN SERVICE
+#
+# Postfix maintains per-destination logfiles with information about
+# deferred mail, so that mail can be flushed quickly with the SMTP
+# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
+# See the ETRN_README document for a detailed description.
+#
+# The fast_flush_domains parameter controls what destinations are
+# eligible for this service. By default, they are all domains that
+# this server is willing to relay mail to.
+#
+#fast_flush_domains = $relay_domains
+
+# SHOW SOFTWARE VERSION OR NOT
+#
+# The smtpd_banner parameter specifies the text that follows the 220
+# code in the SMTP server's greeting banner. Some people like to see
+# the mail version advertised. By default, Postfix shows no version.
+#
+# You MUST specify $myhostname at the start of the text. That is an
+# RFC requirement. Postfix itself does not care.
+#
+#smtpd_banner = $myhostname ESMTP $mail_name
+#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+
+
+# PARALLEL DELIVERY TO THE SAME DESTINATION
+#
+# How many parallel deliveries to the same user or domain? With local
+# delivery, it does not make sense to do massively parallel delivery
+# to the same user, because mailbox updates must happen sequentially,
+# and expensive pipelines in .forward files can cause disasters when
+# too many are run at the same time. With SMTP deliveries, 10
+# simultaneous connections to the same domain could be sufficient to
+# raise eyebrows.
+#
+# Each message delivery transport has its XXX_destination_concurrency_limit
+# parameter. The default is $default_destination_concurrency_limit for
+# most delivery transports. For the local delivery agent the default is 2.
+
+#local_destination_concurrency_limit = 2
+#default_destination_concurrency_limit = 20
+
+# DEBUGGING CONTROL
+#
+# The debug_peer_level parameter specifies the increment in verbose
+# logging level when an SMTP client or server host name or address
+# matches a pattern in the debug_peer_list parameter.
+#
+#debug_peer_level = 2
+
+# The debug_peer_list parameter specifies an optional list of domain
+# or network patterns, /file/name patterns or type:name tables. When
+# an SMTP client or server host name or address matches a pattern,
+# increase the verbose logging level by the amount specified in the
+# debug_peer_level parameter.
+#
+#debug_peer_list = 127.0.0.1
+#debug_peer_list = some.domain
+
+# The debugger_command specifies the external command that is executed
+# when a Postfix daemon program is run with the -D option.
+#
+# Use "command .. & sleep 5" so that the debugger can attach before
+# the process marches on. If you use an X-based debugger, be sure to
+# set up your XAUTHORITY environment variable before starting Postfix.
+#
+debugger_command =
+ PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
+ ddd $daemon_directory/$process_name $process_id & sleep 5
+
+# If you can't use X, use this to capture the call stack when a
+# daemon crashes. The result is in a file in the configuration
+# directory, and is named after the process name and the process ID.
+#
+# debugger_command =
+# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
+# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
+# >$config_directory/$process_name.$process_id.log & sleep 5
+#
+# Another possibility is to run gdb under a detached screen session.
+# To attach to the screen sesssion, su root and run "screen -r
+# <id_string>" where <id_string> uniquely matches one of the detached
+# sessions (from "screen -list").
+#
+# debugger_command =
+# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
+# -dmS $process_name gdb $daemon_directory/$process_name
+# $process_id & sleep 1
+
+# INSTALL-TIME CONFIGURATION INFORMATION
+#
+# The following parameters are used when installing a new Postfix version.
+#
+# sendmail_path: The full pathname of the Postfix sendmail command.
+# This is the Sendmail-compatible mail posting interface.
+#
+sendmail_path =
+
+# newaliases_path: The full pathname of the Postfix newaliases command.
+# This is the Sendmail-compatible command to build alias databases.
+#
+newaliases_path =
+
+# mailq_path: The full pathname of the Postfix mailq command. This
+# is the Sendmail-compatible mail queue listing command.
+#
+mailq_path =
+
+# setgid_group: The group for mail submission and queue management
+# commands. This must be a group name with a numerical group ID that
+# is not shared with other accounts, not even with the Postfix account.
+#
+setgid_group =
+
+# html_directory: The location of the Postfix HTML documentation.
+#
+html_directory =
+
+# manpage_directory: The location of the Postfix on-line manual pages.
+#
+manpage_directory =
+
+# sample_directory: The location of the Postfix sample configuration files.
+# This parameter is obsolete as of Postfix 2.1.
+#
+sample_directory =
+
+# readme_directory: The location of the Postfix README files.
+#
+readme_directory =
+inet_protocols = ipv4
--- /dev/null
+/usr/share/postfix/makedefs.out
\ No newline at end of file
--- /dev/null
+#
+# Postfix master process configuration file. For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (yes) (never) (100)
+# ==========================================================================
+#smtp inet n - - - - smtpd
+smtp inet n - - - 1 postscreen
+smtpd pass - - - - - smtpd
+dnsblog unix - - - - 0 dnsblog
+tlsproxy unix - - - - 0 tlsproxy
+#submission inet n - - - - smtpd
+# -o syslog_name=postfix/submission
+# -o smtpd_tls_security_level=encrypt
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_reject_unlisted_recipient=no
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+#smtps inet n - - - - smtpd
+# -o syslog_name=postfix/smtps
+# -o smtpd_tls_wrappermode=yes
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_reject_unlisted_recipient=no
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+#628 inet n - - - - qmqpd
+pickup unix n - - 60 1 pickup
+ -o content_filter=smtp-amavis:[127.0.0.1]:10026
+cleanup unix n - - - 0 cleanup
+qmgr unix n - n 300 1 qmgr
+#qmgr unix n - n 300 1 oqmgr
+tlsmgr unix - - - 1000? 1 tlsmgr
+rewrite unix - - - - - trivial-rewrite
+bounce unix - - - - 0 bounce
+defer unix - - - - 0 bounce
+trace unix - - - - 0 bounce
+verify unix - - - - 1 verify
+flush unix n - - 1000? 0 flush
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+smtp unix - - - - - smtp
+relay unix - - - - - smtp
+# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq unix n - - - - showq
+error unix - - - - - error
+retry unix - - - - - error
+discard unix - - - - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - - - - lmtp
+anvil unix - - - - 1 anvil
+scache unix - - - - 1 scache
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent. See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop unix - n n - - pipe
+ flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+#
+# ====================================================================
+#
+# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
+#
+# Specify in cyrus.conf:
+# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
+#
+# Specify in main.cf one or more of the following:
+# mailbox_transport = lmtp:inet:localhost
+# virtual_transport = lmtp:inet:localhost
+#
+# ====================================================================
+#
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+#
+#cyrus unix - n n - - pipe
+# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# ====================================================================
+# Old example of delivery via Cyrus.
+#
+#old-cyrus unix - n n - - pipe
+# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
+#
+# ====================================================================
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp unix - n n - - pipe
+ flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail unix - n n - - pipe
+ flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp unix - n n - - pipe
+ flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix - n n - 2 pipe
+ flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman unix - n n - - pipe
+ flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+ ${nexthop} ${user}
+
+# Submission, port 587, force TLS connection.
+submission inet n - n - - smtpd
+ -o syslog_name=postfix/submission
+ -o smtpd_tls_security_level=encrypt
+ -o smtpd_sasl_auth_enable=yes
+ -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
+ -o content_filter=smtp-amavis:[127.0.0.1]:10026
+
+# Use dovecot's `deliver` program as LDA.
+dovecot unix - n n - - pipe
+ flags=DRh user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${domain} -m ${extension}
+
+# Amavisd integration.
+smtp-amavis unix - - n - 2 smtp
+ -o smtp_data_done_timeout=1200
+ -o smtp_send_xforward_command=yes
+ -o disable_dns_lookups=yes
+ -o max_use=20
+
+127.0.0.1:10025 inet n - n - - smtpd
+ -o content_filter=
+ -o mynetworks_style=host
+ -o mynetworks=127.0.0.0/8
+ -o local_recipient_maps=
+ -o relay_recipient_maps=
+ -o strict_rfc821_envelopes=yes
+ -o smtp_tls_security_level=none
+ -o smtpd_tls_security_level=none
+ -o smtpd_restriction_classes=
+ -o smtpd_delay_reject=no
+ -o smtpd_client_restrictions=permit_mynetworks,reject
+ -o smtpd_helo_restrictions=
+ -o smtpd_sender_restrictions=
+ -o smtpd_recipient_restrictions=permit_mynetworks,reject
+ -o smtpd_end_of_data_restrictions=
+ -o smtpd_error_sleep_time=0
+ -o smtpd_soft_error_limit=1001
+ -o smtpd_hard_error_limit=1000
+ -o smtpd_client_connection_count_limit=0
+ -o smtpd_client_connection_rate_limit=0
+ -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings,no_milters
+
+# vim: ts=4
--- /dev/null
+#
+# Postfix master process configuration file. For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (yes) (never) (100)
+# ==========================================================================
+smtp inet n - - - - smtpd
+#smtp inet n - - - 1 postscreen
+#smtpd pass - - - - - smtpd
+#dnsblog unix - - - - 0 dnsblog
+#tlsproxy unix - - - - 0 tlsproxy
+#submission inet n - - - - smtpd
+# -o syslog_name=postfix/submission
+# -o smtpd_tls_security_level=encrypt
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_reject_unlisted_recipient=no
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+#smtps inet n - - - - smtpd
+# -o syslog_name=postfix/smtps
+# -o smtpd_tls_wrappermode=yes
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_reject_unlisted_recipient=no
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+#628 inet n - - - - qmqpd
+pickup unix n - - 60 1 pickup
+cleanup unix n - - - 0 cleanup
+qmgr unix n - n 300 1 qmgr
+#qmgr unix n - n 300 1 oqmgr
+tlsmgr unix - - - 1000? 1 tlsmgr
+rewrite unix - - - - - trivial-rewrite
+bounce unix - - - - 0 bounce
+defer unix - - - - 0 bounce
+trace unix - - - - 0 bounce
+verify unix - - - - 1 verify
+flush unix n - - 1000? 0 flush
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+smtp unix - - - - - smtp
+relay unix - - - - - smtp
+# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq unix n - - - - showq
+error unix - - - - - error
+retry unix - - - - - error
+discard unix - - - - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - - - - lmtp
+anvil unix - - - - 1 anvil
+scache unix - - - - 1 scache
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent. See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop unix - n n - - pipe
+ flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+#
+# ====================================================================
+#
+# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
+#
+# Specify in cyrus.conf:
+# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
+#
+# Specify in main.cf one or more of the following:
+# mailbox_transport = lmtp:inet:localhost
+# virtual_transport = lmtp:inet:localhost
+#
+# ====================================================================
+#
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+#
+#cyrus unix - n n - - pipe
+# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# ====================================================================
+# Old example of delivery via Cyrus.
+#
+#old-cyrus unix - n n - - pipe
+# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
+#
+# ====================================================================
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp unix - n n - - pipe
+ flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail unix - n n - - pipe
+ flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp unix - n n - - pipe
+ flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix - n n - 2 pipe
+ flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman unix - n n - - pipe
+ flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+ ${nexthop} ${user}
+
--- /dev/null
+#
+# Postfix master process configuration file. For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (yes) (never) (100)
+# ==========================================================================
+smtp inet n - - - - smtpd
+#smtp inet n - - - 1 postscreen
+#smtpd pass - - - - - smtpd
+#dnsblog unix - - - - 0 dnsblog
+#tlsproxy unix - - - - 0 tlsproxy
+#submission inet n - - - - smtpd
+# -o syslog_name=postfix/submission
+# -o smtpd_tls_security_level=encrypt
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_reject_unlisted_recipient=no
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+#smtps inet n - - - - smtpd
+# -o syslog_name=postfix/smtps
+# -o smtpd_tls_wrappermode=yes
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_reject_unlisted_recipient=no
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+#628 inet n - - - - qmqpd
+pickup unix n - - 60 1 pickup
+cleanup unix n - - - 0 cleanup
+qmgr unix n - n 300 1 qmgr
+#qmgr unix n - n 300 1 oqmgr
+tlsmgr unix - - - 1000? 1 tlsmgr
+rewrite unix - - - - - trivial-rewrite
+bounce unix - - - - 0 bounce
+defer unix - - - - 0 bounce
+trace unix - - - - 0 bounce
+verify unix - - - - 1 verify
+flush unix n - - 1000? 0 flush
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+smtp unix - - - - - smtp
+relay unix - - - - - smtp
+# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq unix n - - - - showq
+error unix - - - - - error
+retry unix - - - - - error
+discard unix - - - - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - - - - lmtp
+anvil unix - - - - 1 anvil
+scache unix - - - - 1 scache
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent. See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop unix - n n - - pipe
+ flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+#
+# ====================================================================
+#
+# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
+#
+# Specify in cyrus.conf:
+# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
+#
+# Specify in main.cf one or more of the following:
+# mailbox_transport = lmtp:inet:localhost
+# virtual_transport = lmtp:inet:localhost
+#
+# ====================================================================
+#
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+#
+#cyrus unix - n n - - pipe
+# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# ====================================================================
+# Old example of delivery via Cyrus.
+#
+#old-cyrus unix - n n - - pipe
+# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
+#
+# ====================================================================
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp unix - n n - - pipe
+ flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail unix - n n - - pipe
+ flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp unix - n n - - pipe
+ flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix - n n - 2 pipe
+ flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman unix - n n - - pipe
+ flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+ ${nexthop} ${user}
+
+# Submission, port 587, force TLS connection.
+submission inet n - n - - smtpd
+ -o syslog_name=postfix/submission
+ -o smtpd_tls_security_level=encrypt
+ -o smtpd_sasl_auth_enable=yes
+ -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
+ -o content_filter=smtp-amavis:[127.0.0.1]:10026
+
+# Use dovecot's `deliver` program as LDA.
+dovecot unix - n n - - pipe
+ flags=DRh user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${domain} -m ${extension}
+
+# Amavisd integration.
+smtp-amavis unix - - n - 2 smtp
+ -o smtp_data_done_timeout=1200
+ -o smtp_send_xforward_command=yes
+ -o disable_dns_lookups=yes
+ -o max_use=20
+
+127.0.0.1:10025 inet n - n - - smtpd
+ -o content_filter=
+ -o mynetworks_style=host
+ -o mynetworks=127.0.0.0/8
+ -o local_recipient_maps=
+ -o relay_recipient_maps=
+ -o strict_rfc821_envelopes=yes
+ -o smtp_tls_security_level=none
+ -o smtpd_tls_security_level=none
+ -o smtpd_restriction_classes=
+ -o smtpd_delay_reject=no
+ -o smtpd_client_restrictions=permit_mynetworks,reject
+ -o smtpd_helo_restrictions=
+ -o smtpd_sender_restrictions=
+ -o smtpd_recipient_restrictions=permit_mynetworks,reject
+ -o smtpd_end_of_data_restrictions=
+ -o smtpd_error_sleep_time=0
+ -o smtpd_soft_error_limit=1001
+ -o smtpd_hard_error_limit=1000
+ -o smtpd_client_connection_count_limit=0
+ -o smtpd_client_connection_rate_limit=0
+ -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
--- /dev/null
+#
+# Postfix master process configuration file. For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (no) (never) (100)
+# ==========================================================================
+smtp inet n - y - - smtpd
+#smtp inet n - y - 1 postscreen
+#smtpd pass - - y - - smtpd
+#dnsblog unix - - y - 0 dnsblog
+#tlsproxy unix - - y - 0 tlsproxy
+#submission inet n - y - - smtpd
+# -o syslog_name=postfix/submission
+# -o smtpd_tls_security_level=encrypt
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_reject_unlisted_recipient=no
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+#smtps inet n - y - - smtpd
+# -o syslog_name=postfix/smtps
+# -o smtpd_tls_wrappermode=yes
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_reject_unlisted_recipient=no
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+#628 inet n - y - - qmqpd
+pickup unix n - y 60 1 pickup
+cleanup unix n - y - 0 cleanup
+qmgr unix n - n 300 1 qmgr
+#qmgr unix n - n 300 1 oqmgr
+tlsmgr unix - - y 1000? 1 tlsmgr
+rewrite unix - - y - - trivial-rewrite
+bounce unix - - y - 0 bounce
+defer unix - - y - 0 bounce
+trace unix - - y - 0 bounce
+verify unix - - y - 1 verify
+flush unix n - y 1000? 0 flush
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+smtp unix - - y - - smtp
+relay unix - - y - - smtp
+# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq unix n - y - - showq
+error unix - - y - - error
+retry unix - - y - - error
+discard unix - - y - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - y - - lmtp
+anvil unix - - y - 1 anvil
+scache unix - - y - 1 scache
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent. See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop unix - n n - - pipe
+ flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+#
+# ====================================================================
+#
+# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
+#
+# Specify in cyrus.conf:
+# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
+#
+# Specify in main.cf one or more of the following:
+# mailbox_transport = lmtp:inet:localhost
+# virtual_transport = lmtp:inet:localhost
+#
+# ====================================================================
+#
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+#
+#cyrus unix - n n - - pipe
+# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# ====================================================================
+# Old example of delivery via Cyrus.
+#
+#old-cyrus unix - n n - - pipe
+# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
+#
+# ====================================================================
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp unix - n n - - pipe
+ flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail unix - n n - - pipe
+ flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp unix - n n - - pipe
+ flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix - n n - 2 pipe
+ flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman unix - n n - - pipe
+ flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+ ${nexthop} ${user}
+
--- /dev/null
+hosts = 127.0.0.1
+# port = 3306
+user = vmail
+password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
+dbname = vmail
+query = SELECT alias.goto FROM alias,domain WHERE alias.address='%d' AND '%u' NOT LIKE '%%+%%' AND alias.address=domain.domain AND alias.active=1 AND domain.active=1 AND domain.backupmx=0
--- /dev/null
+hosts = 127.0.0.1
+# port = 3306
+user = vmail
+password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
+dbname = vmail
+query = SELECT alias.goto FROM alias,alias_domain,domain WHERE alias_domain.alias_domain='%d' AND alias.address=alias_domain.target_domain AND alias_domain.target_domain=domain.domain AND alias.active=1 AND alias_domain.active=1
--- /dev/null
+hosts = 127.0.0.1
+# port = 3306
+user = vmail
+password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
+dbname = vmail
+query = SELECT alias.goto FROM alias,alias_domain,domain WHERE alias_domain.alias_domain='%d' AND alias.address=CONCAT('%u', '@', alias_domain.target_domain) AND alias_domain.target_domain=domain.domain AND alias.active=1 AND alias_domain.active=1 AND domain.backupmx=0
--- /dev/null
+hosts = 127.0.0.1
+# port = 3306
+user = vmail
+password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
+dbname = vmail
+query = SELECT bcc_address FROM recipient_bcc_domain WHERE domain='%d' AND active=1
--- /dev/null
+hosts = 127.0.0.1
+# port = 3306
+user = vmail
+password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
+dbname = vmail
+query = SELECT recipient_bcc_user.bcc_address FROM recipient_bcc_user,domain WHERE recipient_bcc_user.username='%s' AND recipient_bcc_user.domain='%d' AND recipient_bcc_user.domain=domain.domain AND domain.backupmx=0 AND domain.active=1 AND recipient_bcc_user.active=1
--- /dev/null
+hosts = 127.0.0.1
+# port = 3306
+user = vmail
+password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
+dbname = vmail
+query = SELECT domain FROM domain WHERE domain='%s' AND backupmx=1 AND active=1
--- /dev/null
+hosts = 127.0.0.1
+# port = 3306
+user = vmail
+password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
+dbname = vmail
+query = SELECT bcc_address FROM sender_bcc_domain WHERE domain='%d' AND active=1
--- /dev/null
+hosts = 127.0.0.1
+# port = 3306
+user = vmail
+password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
+dbname = vmail
+query = SELECT sender_bcc_user.bcc_address FROM sender_bcc_user,domain WHERE sender_bcc_user.username='%s' AND sender_bcc_user.domain='%d' AND sender_bcc_user.domain=domain.domain AND domain.backupmx=0 AND domain.active=1 AND sender_bcc_user.active=1
--- /dev/null
+hosts = 127.0.0.1
+# port = 3306
+user = vmail
+password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
+dbname = vmail
+query = SELECT relayhost FROM sender_relayhost WHERE account='%s' LIMIT 1
--- /dev/null
+hosts = 127.0.0.1
+# port = 3306
+user = vmail
+password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
+dbname = vmail
+query = SELECT mailbox.username FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.domain='%d' AND mailbox.domain=domain.domain AND mailbox.enablesmtp=1 AND mailbox.active=1 AND domain.backupmx=0 AND domain.active=1
--- /dev/null
+hosts = 127.0.0.1
+# port = 3306
+user = vmail
+password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
+dbname = vmail
+query = SELECT transport FROM domain WHERE domain='%s' AND active=1
--- /dev/null
+hosts = 127.0.0.1
+# port = 3306
+user = vmail
+password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
+dbname = vmail
+query = SELECT mailbox.transport FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.domain='%d' AND mailbox.domain=domain.domain AND mailbox.transport<>'' AND mailbox.active=1 AND mailbox.enabledeliver=1 AND domain.backupmx=0 AND domain.active=1
--- /dev/null
+hosts = 127.0.0.1
+# port = 3306
+user = vmail
+password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
+dbname = vmail
+query = SELECT alias.goto FROM alias,domain WHERE alias.address='%s' AND alias.domain='%d' AND alias.domain=domain.domain AND alias.active=1 AND domain.backupmx=0 AND domain.active=1
--- /dev/null
+hosts = 127.0.0.1
+# port = 3306
+user = vmail
+password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
+dbname = vmail
+query = SELECT domain FROM domain WHERE domain='%s' AND backupmx=0 AND active=1 UNION SELECT alias_domain.alias_domain FROM alias_domain,domain WHERE alias_domain.alias_domain='%s' AND alias_domain.active=1 AND alias_domain.target_domain=domain.domain AND domain.active=1 AND domain.backupmx=0
--- /dev/null
+hosts = 127.0.0.1
+# port = 3306
+user = vmail
+password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
+dbname = vmail
+query = SELECT CONCAT(mailbox.storagenode, '/', mailbox.maildir, '/Maildir/') FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.active=1 AND mailbox.enabledeliver=1 AND domain.domain = mailbox.domain AND domain.active=1
--- /dev/null
+#!/bin/sh
+
+# To view the formatted manual page of this file, type:
+# POSTFIXSOURCE/mantools/srctoman - post-install | nroff -man
+
+#++
+# NAME
+# post-install
+# SUMMARY
+# Postfix post-installation script
+# SYNOPSIS
+# postfix post-install [name=value] command ...
+# DESCRIPTION
+# The post-install script performs the finishing touch of a Postfix
+# installation, after the executable programs and configuration
+# files are installed. Usage is one of the following:
+# .IP o
+# While installing Postfix from source code on the local machine, the
+# script is run by the postfix-install script to update selected file
+# or directory permissions and to update Postfix configuration files.
+# .IP o
+# While installing Postfix from a pre-built package, the script is run
+# by the package management procedure to set all file or directory
+# permissions and to update Postfix configuration files.
+# .IP o
+# The script can be used to change installation parameter settings such
+# as mail_owner or setgid_group after Postfix is already installed.
+# .IP o
+# The script can be used to upgrade configuration files and to upgrade
+# file/directory permissions of a secondary Postfix instance.
+# .IP o
+# At Postfix start-up time, the script is run from "postfix check" to
+# create missing queue directories.
+# .PP
+# The post-install script is controlled by installation parameters.
+# Specific parameters are described at the end of this document.
+# All installation parameters must be specified ahead of time via
+# one of the methods described below.
+#
+# Arguments
+# .IP create-missing
+# Create missing queue directories with ownerships and permissions
+# according to the contents of $meta_directory/postfix-files
+# and optionally in $meta_directory/postfix-files.d/*, using
+# the mail_owner and setgid_group parameter settings from the
+# command line, process environment or from the installed
+# main.cf file.
+#
+# This is required at Postfix start-up time.
+# .IP set-permissions
+# Set all file/directory ownerships and permissions according to the
+# contents of $meta_directory/postfix-files and optionally
+# in $meta_directory/postfix-files.d/*, using the mail_owner
+# and setgid_group parameter settings from the command line,
+# process environment or from the installed main.cf file.
+# Implies create-missing.
+#
+# This is required when installing Postfix from a pre-built package,
+# or when changing the mail_owner or setgid_group installation parameter
+# settings after Postfix is already installed.
+# .IP upgrade-permissions
+# Update ownership and permission of existing files/directories as
+# specified in $meta_directory/postfix-files and optionally
+# in $meta_directory/postfix-files.d/*, using the mail_owner
+# and setgid_group parameter settings from the command line,
+# process environment or from the installed main.cf file.
+# Implies create-missing.
+#
+# This is required when upgrading an existing Postfix instance.
+# .IP upgrade-configuration
+# Edit the installed main.cf and master.cf files, in order to account
+# for missing services and to fix deprecated parameter settings.
+#
+# This is required when upgrading an existing Postfix instance.
+# .IP upgrade-source
+# Short-hand for: upgrade-permissions upgrade-configuration.
+#
+# This is recommended when upgrading Postfix from source code.
+# .IP upgrade-package
+# Short-hand for: set-permissions upgrade-configuration.
+#
+# This is recommended when upgrading Postfix from a pre-built package.
+# .IP first-install-reminder
+# Remind the user that they still need to configure main.cf and the
+# aliases file, and that newaliases still needs to be run.
+#
+# This is recommended when Postfix is installed for the first time.
+# MULTIPLE POSTFIX INSTANCES
+# .ad
+# .fi
+# Multiple Postfix instances on the same machine can share command and
+# daemon program files but must have separate configuration and queue
+# directories.
+#
+# To create a secondary Postfix installation on the same machine,
+# copy the configuration files from the primary Postfix instance to
+# a secondary configuration directory and execute:
+#
+# postfix post-install config_directory=secondary-config-directory \e
+# .in +4
+# queue_directory=secondary-queue-directory \e
+# .br
+# create-missing
+# .PP
+# This creates secondary Postfix queue directories, sets their access
+# permissions, and saves the specified installation parameters to the
+# secondary main.cf file.
+#
+# Be sure to list the secondary configuration directory in the
+# alternate_config_directories parameter in the primary main.cf file.
+#
+# To upgrade a secondary Postfix installation on the same machine,
+# execute:
+#
+# postfix post-install config_directory=secondary-config-directory \e
+# .in +4
+# upgrade-permissions upgrade-configuration
+# INSTALLATION PARAMETER INPUT METHODS
+# .ad
+# .fi
+# Parameter settings can be specified through a variety of
+# mechanisms. In order of decreasing precedence these are:
+# .IP "command line"
+# Parameter settings can be given as name=value arguments on
+# the post-install command line. These have the highest precedence.
+# Settings that override the installed main.cf file are saved.
+# .IP "process environment"
+# Parameter settings can be given as name=value environment
+# variables.
+# Settings that override the installed main.cf file are saved.
+# .IP "installed configuration files"
+# If a parameter is not specified via the command line or via the
+# process environment, post-install will attempt to extract its
+# value from the already installed Postfix main.cf configuration file.
+# These settings have the lowest precedence.
+# INSTALLATION PARAMETER DESCRIPTION
+# .ad
+# .fi
+# The description of installation parameters is as follows:
+# .IP config_directory
+# The directory for Postfix configuration files.
+# .IP daemon_directory
+# The directory for Postfix daemon programs. This directory
+# should not be in the command search path of any users.
+# .IP command_directory
+# The directory for Postfix administrative commands. This
+# directory should be in the command search path of adminstrative users.
+# .IP queue_directory
+# The directory for Postfix queues.
+# .IP data_directory
+# The directory for Postfix writable data files (caches, etc.).
+# .IP sendmail_path
+# The full pathname for the Postfix sendmail command.
+# This is the Sendmail-compatible mail posting interface.
+# .IP newaliases_path
+# The full pathname for the Postfix newaliases command.
+# This is the Sendmail-compatible command to build alias databases
+# for the Postfix local delivery agent.
+# .IP mailq_path
+# The full pathname for the Postfix mailq command.
+# This is the Sendmail-compatible command to list the mail queue.
+# .IP mail_owner
+# The owner of the Postfix queue. Its numerical user ID and group ID
+# must not be used by any other accounts on the system.
+# .IP setgid_group
+# The group for mail submission and for queue management commands.
+# Its numerical group ID must not be used by any other accounts on the
+# system, not even by the mail_owner account.
+# .IP html_directory
+# The directory for the Postfix HTML files.
+# .IP manpage_directory
+# The directory for the Postfix on-line manual pages.
+# .IP sample_directory
+# The directory for the Postfix sample configuration files.
+# This feature is obsolete as of Postfix 2.1.
+# .IP readme_directory
+# The directory for the Postfix README files.
+# .IP shlib_directory
+# The directory for the Postfix shared-library files, and for
+# the Postfix dabatase plugin files with a relative pathname
+# in the file dynamicmaps.cf.
+# .IP meta_directory
+# The directory for non-executable files that are shared
+# among multiple Postfix instances, such as postfix-files,
+# dynamicmaps.cf, as well as the multi-instance template files
+# main.cf.proto and master.cf.proto.
+# SEE ALSO
+# postfix-install(1) Postfix primary installation script.
+# FILES
+# $config_directory/main.cf, Postfix installation parameters.
+# $meta_directory/postfix-files, installation control file.
+# $meta_directory/postfix-files.d/*, optional control files.
+# $config_directory/install.cf, obsolete configuration file.
+# LICENSE
+# .ad
+# .fi
+# The Secure Mailer license must be distributed with this software.
+# AUTHOR(S)
+# Wietse Venema
+# IBM T.J. Watson Research
+# P.O. Box 704
+# Yorktown Heights, NY 10598, USA
+#
+# Wietse Venema
+# Google, Inc.
+# 111 8th Avenue
+# New York, NY 10011, USA
+#--
+
+umask 022
+
+PATH=/bin:/usr/bin:/usr/sbin:/usr/etc:/sbin:/etc:/usr/contrib/bin:/usr/gnu/bin:/usr/ucb:/usr/bsd
+SHELL=/bin/sh
+IFS="
+"
+BACKUP_IFS="$IFS"
+debug=:
+#debug=echo
+MOST_PARAMETERS="command_directory daemon_directory data_directory
+ html_directory mail_owner mailq_path manpage_directory
+ newaliases_path queue_directory readme_directory sample_directory
+ sendmail_path setgid_group shlib_directory meta_directory"
+NON_SHARED="config_directory queue_directory data_directory"
+
+USAGE="Usage: $0 [name=value] command
+ create-missing Create missing queue directories.
+ upgrade-source When installing or upgrading from source code.
+ upgrade-package When installing or upgrading from pre-built package.
+ first-install-reminder Remind of mandatory first-time configuration steps.
+ name=value Specify an installation parameter".
+
+# Process command-line options and parameter settings. Work around
+# brain damaged shells. "IFS=value command" should not make the
+# IFS=value setting permanent. But some broken standard allows it.
+
+create=; set_perms=; upgrade_perms=; upgrade_conf=; first_install_reminder=
+obsolete=; keep_list=;
+
+for arg
+do
+ case $arg in
+ *[" "]*) echo $0: "Error: argument contains whitespace: '$arg'"
+ exit 1;;
+ *=*) IFS= eval $arg; IFS="$BACKUP_IFS";;
+ create-missing) create=1;;
+ set-perm*) create=1; set_perms=1;;
+ upgrade-perm*) create=1; upgrade_perms=1;;
+ upgrade-conf*) upgrade_conf=1;;
+ upgrade-source) create=1; upgrade_conf=1; upgrade_perms=1;;
+ upgrade-package) create=1; upgrade_conf=1; set_perms=1;;
+ first-install*) first_install_reminder=1;;
+ *) echo "$0: Error: $USAGE" 1>&2; exit 1;;
+ esac
+ shift
+done
+
+# Sanity checks.
+
+test -n "$create$upgrade_conf$first_install_reminder" || {
+ echo "$0: Error: $USAGE" 1>&2
+ exit 1
+}
+
+# Bootstrapping problem.
+
+if [ -n "$command_directory" ]
+then
+ POSTCONF="$command_directory/postconf"
+else
+ POSTCONF="postconf"
+fi
+
+$POSTCONF -d mail_version >/dev/null 2>/dev/null || {
+ echo $0: Error: no $POSTCONF command found. 1>&2
+ echo Re-run this command as $0 command_directory=/some/where. 1>&2
+ exit 1
+}
+
+# Also used to require license etc. files only in the default instance.
+
+def_config_directory=`$POSTCONF -d -h config_directory` || exit 1
+test -n "$config_directory" ||
+ config_directory="$def_config_directory"
+
+test -d "$config_directory" || {
+ echo $0: Error: $config_directory is not a directory. 1>&2
+ exit 1
+}
+
+# If this is a secondary instance, don't touch shared files.
+# XXX Solaris does not have "test -e".
+
+instances=`test ! -f $def_config_directory/main.cf ||
+ $POSTCONF -c $def_config_directory -h multi_instance_directories |
+ sed 's/,/ /'` || exit 1
+
+update_shared_files=1
+for name in $instances
+do
+ case "$name" in
+ "$def_config_directory") ;;
+ "$config_directory") update_shared_files=; break;;
+ esac
+done
+
+test -f $meta_directory/postfix-files || {
+ echo $0: Error: $meta_directory/postfix-files is not a file. 1>&2
+ exit 1
+}
+
+# SunOS5 fmt(1) truncates lines > 1000 characters.
+
+fake_fmt() {
+ sed '
+ :top
+ /^\( *\)\([^ ][^ ]*\) */{
+ s//\1\2\
+\1/
+ P
+ D
+ b top
+ }
+ ' | fmt
+}
+
+case `uname -s` in
+HP-UX*) FMT=cat;;
+SunOS*) FMT=fake_fmt;;
+ *) FMT=fmt;;
+esac
+
+# If a parameter is not set via the command line or environment,
+# try to use settings from installed configuration files.
+
+# Extract parameter settings from the obsolete install.cf file, as
+# a transitional aid.
+
+grep setgid_group $config_directory/main.cf >/dev/null 2>&1 || {
+ test -f $config_directory/install.cf && {
+ for name in sendmail_path newaliases_path mailq_path setgid manpages
+ do
+ eval junk=\$$name
+ case "$junk" in
+ "") eval unset $name;;
+ esac
+ eval : \${$name="\`. $config_directory/install.cf; echo \$$name\`"} \
+ || exit 1
+ done
+ : ${setgid_group=$setgid}
+ : ${manpage_directory=$manpages}
+ }
+}
+
+# Extract parameter settings from the installed main.cf file.
+
+test -f $config_directory/main.cf && {
+ for name in $MOST_PARAMETERS
+ do
+ eval junk=\$$name
+ case "$junk" in
+ "") eval unset $name;;
+ esac
+ eval : \${$name=\`$POSTCONF -c $config_directory -h $name\`} || exit 1
+ done
+}
+
+# Sanity checks
+
+case $manpage_directory in
+ no) echo $0: Error: manpage_directory no longer accepts \"no\" values. 1>&2
+ echo Try again with \"$0 manpage_directory=/pathname ...\". 1>&2; exit 1;;
+esac
+
+case $setgid_group in
+ no) echo $0: Error: setgid_group no longer accepts \"no\" values. 1>&2
+ echo Try again with \"$0 setgid_group=groupname ...\" 1>&2; exit 1;;
+esac
+
+for path in "$daemon_directory" "$command_directory" "$queue_directory" \
+ "$sendmail_path" "$newaliases_path" "$mailq_path" "$manpage_directory" \
+ "$meta_directory"
+do
+ case "$path" in
+ /*) ;;
+ *) echo $0: Error: \"$path\" should be an absolute path name. 1>&2; exit 1;;
+ esac
+done
+
+for path in "$html_directory" "$readme_directory" "$shlib_directory"
+do
+ case "$path" in
+ /*) ;;
+ no) ;;
+ *) echo $0: Error: \"$path\" should be \"no\" or an absolute path name. 1>&2; exit 1;;
+ esac
+done
+
+# Find out what parameters were not specified via command line,
+# via environment, or via installed configuration files.
+
+missing=
+for name in $MOST_PARAMETERS
+do
+ eval test -n \"\$$name\" || missing="$missing $name"
+done
+
+# All parameters must be specified at this point.
+
+test -n "$non_interactive" -a -n "$missing" && {
+ cat <<EOF | ${FMT} 1>&2
+$0: Error: some required installation parameters are not defined.
+
+- Either the parameters need to be given in the $config_directory/main.cf
+file from a recent Postfix installation,
+
+- Or the parameters need to be specified through the process
+environment.
+
+- Or the parameters need to be specified as name=value arguments
+on the $0 command line,
+
+The following parameters were missing:
+
+ $missing
+
+EOF
+ exit 1
+}
+
+POSTCONF="$command_directory/postconf"
+
+# Save settings, allowing command line/environment override.
+
+# Undo MAIL_VERSION expansion at the end of a parameter value. If
+# someone really wants the expanded mail version in main.cf, then
+# we're sorry.
+
+# Confine side effects from mail_version unexpansion within a subshell.
+
+(case "$mail_version" in
+"") mail_version="`$POSTCONF -dhx mail_version`" || exit 1
+esac
+
+for name in $MOST_PARAMETERS
+do
+ eval junk=\$$name
+ case "$junk" in
+ *"$mail_version"*)
+ case "$pattern" in
+ "") pattern=`echo "$mail_version" | sed 's/\./\\\\./g'` || exit 1
+ esac
+ val=`echo "$junk" | sed "s/$pattern"'$/${mail_version}/g'` || exit 1
+ eval ${name}='"$val"'
+ esac
+done
+
+# XXX Maybe update main.cf only with first install, upgrade, set
+# permissions, and what else? Should there be a warning otherwise?
+
+override=
+for name in $MOST_PARAMETERS
+do
+ eval junk=\"\$$name\"
+ test "$junk" = "`$POSTCONF -c $config_directory -h $name`" || {
+ override=1
+ break
+ }
+done
+
+test -n "$override" && {
+ $POSTCONF -c $config_directory -e \
+ "daemon_directory = $daemon_directory" \
+ "command_directory = $command_directory" \
+ "queue_directory = $queue_directory" \
+ "data_directory = $data_directory" \
+ "mail_owner = $mail_owner" \
+ "setgid_group = $setgid_group" \
+ "sendmail_path = $sendmail_path" \
+ "mailq_path = $mailq_path" \
+ "newaliases_path = $newaliases_path" \
+ "html_directory = $html_directory" \
+ "manpage_directory = $manpage_directory" \
+ "sample_directory = $sample_directory" \
+ "readme_directory = $readme_directory" \
+ "shlib_directory = $shlib_directory" \
+ "meta_directory = $meta_directory" \
+ || exit 1
+} || exit 0) || exit 1
+
+# Use file/directory status information in $meta_directory/postfix-files.
+
+test -n "$create" && {
+ postfix_files_d=$meta_directory/postfix-files.d
+ for postfix_file in $meta_directory/postfix-files \
+ `test -d $postfix_files_d && { find $postfix_files_d -type f | sort; }`
+ do
+ exec <$postfix_file || exit 1
+ while IFS=: read path type owner group mode flags junk
+ do
+ IFS="$BACKUP_IFS"
+ set_permission=
+ # Skip comments. Skip shared files, if updating a secondary instance.
+ case $path in
+ [$]*) case "$update_shared_files" in
+ 1) $debug keep non-shared or shared $path;;
+ *) non_shared=
+ for name in $NON_SHARED
+ do
+ case $path in
+ "\$$name"*) non_shared=1; break;;
+ esac
+ done
+ case "$non_shared" in
+ 1) $debug keep non-shared $path;;
+ *) $debug skip shared $path; continue;;
+ esac;;
+ esac;;
+ *) continue;;
+ esac
+ # Skip hard links and symbolic links.
+ case $type in
+ [hl]) continue;;
+ [df]) ;;
+ *) echo unknown type $type for $path in $postfix_file 1>&2; exit 1;;
+ esac
+ # Expand $name, and canonicalize null fields.
+ for name in path owner group flags
+ do
+ eval junk=\${$name}
+ case $junk in
+ [$]*) eval $name=$junk;;
+ -) eval $name=;;
+ *) ;;
+ esac
+ done
+ # Skip uninstalled files.
+ case $path in
+ no|no/*) continue;;
+ esac
+ # Pick up the flags.
+ case $flags in *u*) upgrade_flag=1;; *) upgrade_flag=;; esac
+ case $flags in *c*) create_flag=1;; *) create_flag=;; esac
+ case $flags in *r*) recursive="-R";; *) recursive=;; esac
+ case $flags in *o*) obsolete_flag=1;; *) obsolete_flag=;; esac
+ case $flags in *[1i]*) test ! -r "$path" -a "$config_directory" != \
+ "$def_config_directory" && continue;; esac
+ # Flag obsolete objects. XXX Solaris 2..9 does not have "test -e".
+ if [ -n "$obsolete_flag" ]
+ then
+ test -r $path -a "$type" != "d" && obsolete="$obsolete $path"
+ continue;
+ else
+ keep_list="$keep_list $path"
+ fi
+ # Create missing directories with proper owner/group/mode settings.
+ if [ -n "$create" -a "$type" = "d" -a -n "$create_flag" -a ! -d "$path" ]
+ then
+ mkdir $path || exit 1
+ set_permission=1
+ # Update all owner/group/mode settings.
+ elif [ -n "$set_perms" ]
+ then
+ set_permission=1
+ # Update obsolete owner/group/mode settings.
+ elif [ -n "$upgrade_perms" -a -n "$upgrade_flag" ]
+ then
+ set_permission=1
+ fi
+ test -n "$set_permission" && {
+ chown $recursive $owner $path || exit 1
+ test -z "$group" || chgrp $recursive $group $path || exit 1
+ # Don't "chmod -R"; queue file status is encoded in mode bits.
+ if [ "$type" = "d" -a -n "$recursive" ]
+ then
+ find $path -type d -exec chmod $mode "{}" ";"
+ else
+ chmod $mode $path
+ fi || exit 1
+ }
+ done
+ IFS="$BACKUP_IFS"
+ done
+}
+
+# Upgrade existing Postfix configuration files if necessary.
+
+test -n "$upgrade_conf" && {
+
+ # Postfix 2.0.
+ # Add missing relay service to master.cf.
+
+ grep '^relay' $config_directory/master.cf >/dev/null || {
+ echo Editing $config_directory/master.cf, adding missing entry for relay service
+ cat >>$config_directory/master.cf <<EOF || exit 1
+relay unix - - n - - smtp
+EOF
+ }
+
+ # Postfix 1.1.
+ # Add missing flush service to master.cf.
+
+ grep '^flush.*flush' $config_directory/master.cf >/dev/null || {
+ echo Editing $config_directory/master.cf, adding missing entry for flush service
+ cat >>$config_directory/master.cf <<EOF || exit 1
+flush unix - - n 1000? 0 flush
+EOF
+ }
+
+ # Postfix 2.1.
+ # Add missing trace service to master.cf.
+
+ grep 'trace.*bounce' $config_directory/master.cf >/dev/null || {
+ echo Editing $config_directory/master.cf, adding missing entry for trace service
+ cat >>$config_directory/master.cf <<EOF || exit 1
+trace unix - - n - 0 bounce
+EOF
+ }
+
+ # Postfix 2.1.
+ # Add missing verify service to master.cf.
+
+ grep '^verify.*verify' $config_directory/master.cf >/dev/null || {
+ echo Editing $config_directory/master.cf, adding missing entry for verify service
+ cat >>$config_directory/master.cf <<EOF || exit 1
+verify unix - - n - 1 verify
+EOF
+ }
+
+ # Postfix 2.1.
+ # Fix verify service process limit.
+
+ grep '^verify.*[ ]0[ ]*verify' \
+ $config_directory/master.cf >/dev/null && {
+ echo Editing $config_directory/master.cf, setting verify process limit to 1
+ ed $config_directory/master.cf <<EOF || exit 1
+/^verify.*[ ]0[ ]*verify/
+s/\([ ]\)0\([ ]\)/\11\2/
+p
+w
+q
+EOF
+ }
+
+ # Postfix 1.1.
+ # Change privileged pickup service into unprivileged.
+
+ grep "^pickup[ ]*fifo[ ]*n[ ]*n" \
+ $config_directory/master.cf >/dev/null && {
+ echo Editing $config_directory/master.cf, making the pickup service unprivileged
+ ed $config_directory/master.cf <<EOF || exit 1
+/^pickup[ ]*fifo[ ]*n[ ]*n/
+s/\(n[ ]*\)n/\1-/
+p
+w
+q
+EOF
+ }
+
+ # Postfix 1.1.
+ # Change private cleanup and flush services into public.
+
+ for name in cleanup flush
+ do
+ grep "^$name[ ]*unix[ ]*[-y]" \
+ $config_directory/master.cf >/dev/null && {
+ echo Editing $config_directory/master.cf, making the $name service public
+ ed $config_directory/master.cf <<EOF || exit 1
+/^$name[ ]*unix[ ]*[-y]/
+s/[-y]/n/
+p
+w
+q
+EOF
+ }
+ done
+
+ # Postfix 2.2.
+ # File systems have improved since Postfix came out, and all we
+ # require now is that defer and deferred are hashed because those
+ # can contain lots of files.
+
+ found=`$POSTCONF -c $config_directory -h hash_queue_names`
+ missing=
+ (echo "$found" | grep defer >/dev/null) || missing="$missing defer"
+ (echo "$found" | grep deferred>/dev/null)|| missing="$missing deferred"
+ test -n "$missing" && {
+ echo fixing main.cf hash_queue_names for missing $missing
+ $POSTCONF -c $config_directory -e hash_queue_names="$found$missing" ||
+ exit 1
+ }
+
+ # Turn on safety nets for new features that could bounce mail that
+ # would be accepted by a previous Postfix version.
+
+ # [The "unknown_local_recipient_reject_code = 450" safety net,
+ # introduced with Postfix 2.0 and deleted after Postfix 2.3.]
+
+ # Postfix 2.0.
+ # Add missing proxymap service to master.cf.
+
+ grep '^proxymap.*proxymap' $config_directory/master.cf >/dev/null || {
+ echo Editing $config_directory/master.cf, adding missing entry for proxymap service
+ cat >>$config_directory/master.cf <<EOF || exit 1
+proxymap unix - - n - - proxymap
+EOF
+ }
+
+ # Postfix 2.1.
+ # Add missing anvil service to master.cf.
+
+ grep '^anvil.*anvil' $config_directory/master.cf >/dev/null || {
+ echo Editing $config_directory/master.cf, adding missing entry for anvil service
+ cat >>$config_directory/master.cf <<EOF || exit 1
+anvil unix - - n - 1 anvil
+EOF
+ }
+
+ # Postfix 2.2.
+ # Add missing scache service to master.cf.
+
+ grep '^scache.*scache' $config_directory/master.cf >/dev/null || {
+ echo Editing $config_directory/master.cf, adding missing entry for scache service
+ cat >>$config_directory/master.cf <<EOF || exit 1
+scache unix - - n - 1 scache
+EOF
+ }
+
+ # Postfix 2.2.
+ # Add missing discard service to master.cf.
+
+ grep '^discard.*discard' $config_directory/master.cf >/dev/null || {
+ echo Editing $config_directory/master.cf, adding missing entry for discard service
+ cat >>$config_directory/master.cf <<EOF || exit 1
+discard unix - - n - - discard
+EOF
+ }
+
+ # Postfix 2.2.
+ # Update the tlsmgr fifo->unix service.
+
+ grep "^tlsmgr[ ]*fifo[ ]" \
+ $config_directory/master.cf >/dev/null && {
+ echo Editing $config_directory/master.cf, updating the tlsmgr from fifo to unix service
+ ed $config_directory/master.cf <<EOF || exit 1
+/^tlsmgr[ ]*fifo[ ]/
+s/fifo/unix/
+s/[0-9][0-9]*/&?/
+p
+w
+q
+EOF
+ }
+
+ # Postfix 2.2.
+ # Add missing tlsmgr service to master.cf.
+
+ grep '^tlsmgr.*tlsmgr' $config_directory/master.cf >/dev/null || {
+ echo Editing $config_directory/master.cf, adding missing entry for tlsmgr service
+ cat >>$config_directory/master.cf <<EOF || exit 1
+tlsmgr unix - - n 1000? 1 tlsmgr
+EOF
+ }
+
+ # Postfix 2.2.
+ # Add missing retry service to master.cf.
+
+ grep '^retry.*error' $config_directory/master.cf >/dev/null || {
+ echo Editing $config_directory/master.cf, adding missing entry for retry service
+ cat >>$config_directory/master.cf <<EOF || exit 1
+retry unix - - n - - error
+EOF
+ }
+
+ # Postfix 2.5.
+ # Add missing proxywrite service to master.cf.
+
+ grep '^proxywrite.*proxymap' $config_directory/master.cf >/dev/null || {
+ echo Editing $config_directory/master.cf, adding missing entry for proxywrite service
+ cat >>$config_directory/master.cf <<EOF || exit 1
+proxywrite unix - - n - 1 proxymap
+EOF
+ }
+
+ # Postfix 2.5.
+ # Fix a typo in the default master.cf proxywrite entry.
+
+ grep '^proxywrite.*-[ ]*proxymap' $config_directory/master.cf >/dev/null && {
+ echo Editing $config_directory/master.cf, setting proxywrite process limit to 1
+ ed $config_directory/master.cf <<EOF || exit 1
+/^proxywrite.*-[ ]*proxymap/
+s/-\([ ]*proxymap\)/1\1/
+p
+w
+q
+EOF
+ }
+
+ # Postfix 2.8.
+ # Add missing postscreen service to master.cf.
+
+ grep '^#*smtp.*postscreen' $config_directory/master.cf >/dev/null || {
+ echo Editing $config_directory/master.cf, adding missing entry for postscreen TCP service
+ cat >>$config_directory/master.cf <<EOF || exit 1
+#smtp inet n - n - 1 postscreen
+EOF
+ }
+
+ # Postfix 2.8.
+ # Add missing smtpd (unix-domain) service to master.cf.
+
+ grep '^#*smtpd.*smtpd' $config_directory/master.cf >/dev/null || {
+ echo Editing $config_directory/master.cf, adding missing entry for smtpd unix-domain service
+ cat >>$config_directory/master.cf <<EOF || exit 1
+#smtpd pass - - n - - smtpd
+EOF
+ }
+
+ # Postfix 2.8.
+ # Add temporary dnsblog (unix-domain) service to master.cf.
+
+ grep '^#*dnsblog.*dnsblog' $config_directory/master.cf >/dev/null || {
+ echo Editing $config_directory/master.cf, adding missing entry for dnsblog unix-domain service
+ cat >>$config_directory/master.cf <<EOF || exit 1
+#dnsblog unix - - n - 0 dnsblog
+EOF
+ }
+
+ # Postfix 2.8.
+ # Add tlsproxy (unix-domain) service to master.cf.
+
+ grep '^#*tlsproxy.*tlsproxy' $config_directory/master.cf >/dev/null || {
+ echo Editing $config_directory/master.cf, adding missing entry for tlsproxy unix-domain service
+ cat >>$config_directory/master.cf <<EOF || exit 1
+#tlsproxy unix - - n - 0 tlsproxy
+EOF
+ }
+
+ # Report (but do not remove) obsolete files.
+
+ test -n "$obsolete" && {
+ cat <<EOF | ${FMT}
+
+ Note: the following files or directories still exist but are
+ no longer part of Postfix:
+
+ $obsolete
+
+EOF
+ }
+
+ # Postfix 2.9.
+ # Safety net for incompatible changes in IPv6 defaults.
+ # PLEASE DO NOT REMOVE THIS CODE. ITS PURPOSE IS TO AVOID AN
+ # UNEXPECTED DROP IN PERFORMANCE AFTER UPGRADING FROM POSTFIX
+ # BEFORE 2.9.
+ # This code assumes that the default is "inet_protocols = ipv4"
+ # when IPv6 support is not compiled in. See util/sys_defs.h.
+
+ test "`$POSTCONF -dh inet_protocols`" = "ipv4" ||
+ test -n "`$POSTCONF -c $config_directory -n inet_protocols`" || {
+ cat <<EOF | ${FMT}
+ COMPATIBILITY: editing $config_directory/main.cf, setting
+ inet_protocols=ipv4. Specify inet_protocols explicitly if you
+ want to enable IPv6.
+ In a future release IPv6 will be enabled by default.
+EOF
+ $POSTCONF -c $config_directory inet_protocols=ipv4 || exit 1
+ }
+
+# Disabled because unhelpful down-stream maintainers disable the safety net.
+# # Postfix 2.10.
+# # Safety net for incompatible changes due to the introduction
+# # of the smtpd_relay_restrictions feature to separate the
+# # mail relay policy from the spam blocking policy.
+# # PLEASE DO NOT REMOVE THIS CODE. ITS PURPOSE IS TO PREVENT
+# # INBOUND MAIL FROM UNEXPECTEDLY BOUNCING AFTER UPGRADING FROM
+# # POSTFIX BEFORE 2.10.
+# test -n "`$POSTCONF -c $config_directory -n smtpd_relay_restrictions`" || {
+# cat <<EOF | ${FMT}
+# COMPATIBILITY: editing $config_directory/main.cf, overriding
+# smtpd_relay_restrictions to prevent inbound mail from
+# unexpectedly bouncing.
+# Specify an empty smtpd_relay_restrictions value to keep using
+# smtpd_recipient_restrictions as before.
+#EOF
+# $POSTCONF -c $config_directory "smtpd_relay_restrictions = \
+# permit_mynetworks permit_sasl_authenticated \
+# defer_unauth_destination" || exit 1
+# }
+
+ # Postfix 3.4
+ # Add a postlog service entry.
+
+ grep '^postlog' $config_directory/master.cf >/dev/null || {
+ echo Editing $config_directory/master.cf, adding missing entry for postlog unix-domain datagram service
+ cat >>$config_directory/master.cf <<EOF || exit 1
+postlog unix-dgram n - n - 1 postlogd
+EOF
+ }
+}
+
+# A reminder if this is the first time Postfix is being installed.
+
+test -n "$first_install_reminder" && {
+
+ ALIASES=`$POSTCONF -c $config_directory -h alias_database | sed 's/^[^:]*://'`
+ NEWALIASES_PATH=`$POSTCONF -c $config_directory -h newaliases_path`
+ cat <<EOF | ${FMT}
+
+ Warning: you still need to edit myorigin/mydestination/mynetworks
+ parameter settings in $config_directory/main.cf.
+
+ See also http://www.postfix.org/STANDARD_CONFIGURATION_README.html
+ for information about dialup sites or about sites inside a
+ firewalled network.
+
+ BTW: Check your $ALIASES file and be sure to set up aliases
+ that send mail for root and postmaster to a real person, then
+ run $NEWALIASES_PATH.
+
+EOF
+
+}
+
+exit 0
--- /dev/null
+#
+# Do not edit this file.
+#
+# This file controls the postfix-install script for installation of
+# Postfix programs, configuration files and documentation, as well
+# as the post-install script for setting permissions and for updating
+# Postfix configuration files. See the respective manual pages within
+# the script files.
+#
+# Do not list $command_directory or $shlib_directory in this file,
+# or it will be blown away by a future Postfix uninstallation
+# procedure. You would not want to lose all files in /usr/sbin or
+# /usr/local/lib.
+#
+# Each record in this file describes one file or directory.
+# Fields are separated by ":". Specify a null field as "-".
+# Missing fields or separators at the end are OK.
+#
+# File format:
+# name:type:owner:group:permission:flags
+# No group means don't change group ownership.
+#
+# File types:
+# d=directory
+# f=regular file
+# h=hard link (*)
+# l=symbolic link (*)
+#
+# (*) With hard links and symbolic links, the owner field becomes the
+# source pathname, while the group and permissions are ignored.
+#
+# File flags:
+# No flag means the flag is not active.
+# p=preserve existing file, do not replace (postfix-install).
+# u=update owner/group/mode (post-install upgrade-permissions).
+# c=create missing directory (post-install create-missing).
+# r=apply owner/group recursively (post-install set/upgrade-permissions).
+# o=obsolete, no longer part of Postfix
+# 1=optional for non-default instance (config_dir != built-in default).
+#
+# Note: the "u" flag is for upgrading the permissions of existing files
+# or directories after changes in Postfix architecture. For robustness
+# it is a good idea to "u" all the files that have special ownership or
+# permissions, so that running "make install" fixes any glitches.
+#
+# Note: order matters. Update shared libraries and database plugins
+# before daemon/command-line programs.
+$config_directory:d:root:-:755:u
+$data_directory:d:$mail_owner:-:700:uc
+$daemon_directory:d:root:-:755:u
+$queue_directory:d:root:-:755:uc
+$queue_directory/active:d:$mail_owner:-:700:ucr
+$queue_directory/bounce:d:$mail_owner:-:700:ucr
+$queue_directory/corrupt:d:$mail_owner:-:700:ucr
+$queue_directory/defer:d:$mail_owner:-:700:ucr
+$queue_directory/deferred:d:$mail_owner:-:700:ucr
+$queue_directory/flush:d:$mail_owner:-:700:ucr
+$queue_directory/hold:d:$mail_owner:-:700:ucr
+$queue_directory/incoming:d:$mail_owner:-:700:ucr
+$queue_directory/private:d:$mail_owner:-:700:uc
+$queue_directory/maildrop:d:$mail_owner:$setgid_group:730:uc
+$queue_directory/public:d:$mail_owner:$setgid_group:710:uc
+$queue_directory/pid:d:root:-:755:uc
+$queue_directory/saved:d:$mail_owner:-:700:ucr
+$queue_directory/trace:d:$mail_owner:-:700:ucr
+# Update shared libraries and plugins before daemon or command-line programs.
+$shlib_directory/libpostfix-util.so:f:root:-:755
+$shlib_directory/libpostfix-global.so:f:root:-:755
+$shlib_directory/libpostfix-dns.so:f:root:-:755
+$shlib_directory/libpostfix-tls.so:f:root:-:755
+$shlib_directory/libpostfix-master.so:f:root:-:755
+$meta_directory/dynamicmaps.cf.d:d:root:-:755
+$meta_directory/dynamicmaps.cf:f:root:-:644
+$meta_directory/main.cf.proto:f:root:-:644
+$meta_directory/makedefs.out:f:root:-:644
+$meta_directory/master.cf.proto:f:root:-:644
+$meta_directory/postfix-files.d:d:root:-:755
+$meta_directory/postfix-files:f:root:-:644
+$daemon_directory/anvil:f:root:-:755
+$daemon_directory/bounce:f:root:-:755
+$daemon_directory/cleanup:f:root:-:755
+$daemon_directory/discard:f:root:-:755
+$daemon_directory/dnsblog:f:root:-:755
+$daemon_directory/error:f:root:-:755
+$daemon_directory/flush:f:root:-:755
+$daemon_directory/local:f:root:-:755
+$daemon_directory/main.cf:f:root:-:644:o
+$daemon_directory/master.cf:f:root:-:644:o
+$daemon_directory/master:f:root:-:755
+$daemon_directory/oqmgr:f:root:-:755
+$daemon_directory/pickup:f:root:-:755
+$daemon_directory/pipe:f:root:-:755
+$daemon_directory/post-install:f:root:-:755
+# In case meta_directory == daemon_directory.
+#$daemon_directory/postfix-files:f:root:-:644:o
+#$daemon_directory/postfix-files.d:d:root:-:755:o
+$daemon_directory/postfix-script:f:root:-:755
+$daemon_directory/postfix-tls-script:f:root:-:755
+$daemon_directory/postfix-wrapper:f:root:-:755
+$daemon_directory/postmulti-script:f:root:-:755
+$daemon_directory/postlogd:f:root:-:755
+$daemon_directory/postscreen:f:root:-:755
+$daemon_directory/proxymap:f:root:-:755
+$daemon_directory/qmgr:f:root:-:755
+$daemon_directory/qmqpd:f:root:-:755
+$daemon_directory/scache:f:root:-:755
+$daemon_directory/showq:f:root:-:755
+$daemon_directory/smtp:f:root:-:755
+$daemon_directory/smtpd:f:root:-:755
+$daemon_directory/spawn:f:root:-:755
+$daemon_directory/tlsproxy:f:root:-:755
+$daemon_directory/tlsmgr:f:root:-:755
+$daemon_directory/trivial-rewrite:f:root:-:755
+$daemon_directory/verify:f:root:-:755
+$daemon_directory/virtual:f:root:-:755
+$daemon_directory/nqmgr:h:$daemon_directory/qmgr
+$daemon_directory/lmtp:h:$daemon_directory/smtp
+$command_directory/postalias:f:root:-:755
+$command_directory/postcat:f:root:-:755
+$command_directory/postconf:f:root:-:755
+$command_directory/postfix:f:root:-:755
+$command_directory/postkick:f:root:-:755
+$command_directory/postlock:f:root:-:755
+$command_directory/postlog:f:root:-:755
+$command_directory/postmap:f:root:-:755
+$command_directory/postmulti:f:root:-:755
+$command_directory/postsuper:f:root:-:755
+$command_directory/postdrop:f:root:$setgid_group:2755:u
+$command_directory/postqueue:f:root:$setgid_group:2755:u
+$sendmail_path:f:root:-:755
+$newaliases_path:l:$sendmail_path
+$mailq_path:l:$sendmail_path
+# Empty files not shipped in Debian
+#$config_directory/access:f:root:-:644:p1
+#$config_directory/aliases:f:root:-:644:p1
+#$config_directory/bounce.cf.default:f:root:-:644:1
+#$config_directory/canonical:f:root:-:644:p1
+#$config_directory/cidr_table:f:root:-:644:o
+#$config_directory/generic:f:root:-:644:p1
+#$config_directory/generics:f:root:-:644:o
+#$config_directory/header_checks:f:root:-:644:p1
+#$config_directory/install.cf:f:root:-:644:o
+#$config_directory/main.cf.default:f:root:-:644:1
+$config_directory/main.cf:f:root:-:644:p
+$config_directory/master.cf:f:root:-:644:p
+#$config_directory/regexp_table:f:root:-:644:o
+#$config_directory/relocated:f:root:-:644:p1
+#$config_directory/tcp_table:f:root:-:644:o
+#$config_directory/transport:f:root:-:644:p1
+#$config_directory/virtual:f:root:-:644:p1
+$config_directory/postfix-script:f:root:-:755:o
+#$config_directory/postfix-script-sgid:f:root:-:755:o
+#$config_directory/postfix-script-nosgid:f:root:-:755:o
+$config_directory/post-install:f:root:-:755:o
+$manpage_directory/man1/mailq.1.gz:f:root:-:644
+$manpage_directory/man1/newaliases.1.gz:f:root:-:644
+$manpage_directory/man1/postalias.1.gz:f:root:-:644
+$manpage_directory/man1/postcat.1.gz:f:root:-:644
+$manpage_directory/man1/postconf.1.gz:f:root:-:644
+$manpage_directory/man1/postdrop.1.gz:f:root:-:644
+$manpage_directory/man1/postfix.1.gz:f:root:-:644
+$manpage_directory/man1/postfix-tls.1.gz:f:root:-:644
+$manpage_directory/man1/postkick.1.gz:f:root:-:644
+$manpage_directory/man1/postlock.1.gz:f:root:-:644
+$manpage_directory/man1/postlog.1.gz:f:root:-:644
+$manpage_directory/man1/postmap.1.gz:f:root:-:644
+$manpage_directory/man1/postmulti.1.gz:f:root:-:644
+$manpage_directory/man1/postqueue.1.gz:f:root:-:644
+$manpage_directory/man1/postsuper.1.gz:f:root:-:644
+$manpage_directory/man1/sendmail.1.gz:f:root:-:644
+$manpage_directory/man5/access.5.gz:f:root:-:644
+$manpage_directory/man5/aliases.5.gz:f:root:-:644
+$manpage_directory/man5/body_checks.5.gz:f:root:-:644
+$manpage_directory/man5/bounce.5.gz:f:root:-:644
+$manpage_directory/man5/canonical.5.gz:f:root:-:644
+$manpage_directory/man5/cidr_table.5.gz:f:root:-:644
+$manpage_directory/man5/generics.5.gz:f:root:-:644:o
+$manpage_directory/man5/generic.5.gz:f:root:-:644
+$manpage_directory/man5/header_checks.5.gz:f:root:-:644
+$manpage_directory/man5/master.5.gz:f:root:-:644
+$manpage_directory/man5/memcache_table.5.gz:f:root:-:644
+$manpage_directory/man5/socketmap_table.5.gz:f:root:-:644
+$manpage_directory/man5/nisplus_table.5.gz:f:root:-:644
+$manpage_directory/man5/postconf.5.gz:f:root:-:644
+$manpage_directory/man5/postfix-wrapper.5.gz:f:root:-:644
+$manpage_directory/man5/regexp_table.5.gz:f:root:-:644
+$manpage_directory/man5/relocated.5.gz:f:root:-:644
+$manpage_directory/man5/tcp_table.5.gz:f:root:-:644
+$manpage_directory/man5/transport.5.gz:f:root:-:644
+$manpage_directory/man5/virtual.5.gz:f:root:-:644
+$manpage_directory/man8/bounce.8postfix.gz:f:root:-:644
+$manpage_directory/man8/cleanup.8postfix.gz:f:root:-:644
+$manpage_directory/man8/anvil.8postfix.gz:f:root:-:644
+$manpage_directory/man8/defer.8postfix.gz:f:root:-:644
+$manpage_directory/man8/discard.8postfix.gz:f:root:-:644
+$manpage_directory/man8/dnsblog.8postfix.gz:f:root:-:644
+$manpage_directory/man8/error.8postfix.gz:f:root:-:644
+$manpage_directory/man8/flush.8postfix.gz:f:root:-:644
+$manpage_directory/man8/lmtp.8postfix.gz:f:root:-:644
+$manpage_directory/man8/local.8postfix.gz:f:root:-:644
+$manpage_directory/man8/master.8postfix.gz:f:root:-:644
+$manpage_directory/man8/nqmgr.8postfix.gz:f:root:-:644:o
+$manpage_directory/man8/oqmgr.8postfix.gz:f:root:-:644:
+$manpage_directory/man8/pickup.8postfix.gz:f:root:-:644
+$manpage_directory/man8/pipe.8postfix.gz:f:root:-:644
+$manpage_directory/man8/postlogd.8postfix.gz:f:root:-:644
+$manpage_directory/man8/postfix-add-filter.8.gz:f:root:-:644
+$manpage_directory/man8/postfix-add-policy.8.gz:f:root:-:644
+$manpage_directory/man8/postscreen.8postfix.gz:f:root:-:644
+$manpage_directory/man8/proxymap.8postfix.gz:f:root:-:644
+$manpage_directory/man8/qmgr.8postfix.gz:f:root:-:644
+$manpage_directory/man8/qmqpd.8postfix.gz:f:root:-:644
+$manpage_directory/man8/scache.8postfix.gz:f:root:-:644
+$manpage_directory/man8/showq.8postfix.gz:f:root:-:644
+$manpage_directory/man8/smtp.8postfix.gz:f:root:-:644
+$manpage_directory/man8/smtpd.8postfix.gz:f:root:-:644
+$manpage_directory/man8/spawn.8postfix.gz:f:root:-:644
+$manpage_directory/man8/tlsproxy.8postfix.gz:f:root:-:644
+$manpage_directory/man8/tlsmgr.8postfix.gz:f:root:-:644
+$manpage_directory/man8/trace.8postfix.gz:f:root:-:644
+$manpage_directory/man8/trivial-rewrite.8postfix.gz:f:root:-:644
+$manpage_directory/man8/verify.8postfix.gz:f:root:-:644
+$manpage_directory/man8/virtual.8postfix.gz:f:root:-:644
--- /dev/null
+$shlib_directory/postfix-mysql.so:f:root:-:755
+$manpage_directory/man5/mysql_table.5.gz:f:root:-:644
--- /dev/null
+$shlib_directory/postfix-pcre.so:f:root:-:755
+#$config_directory/pcre_table:f:root:-:644:o
+$manpage_directory/man5/pcre_table.5.gz:f:root:-:644
--- /dev/null
+$shlib_directory/postfix-sqlite.so:f:root:-:755
+$manpage_directory/man5/sqlite_table.5.gz:f:root:-:644
--- /dev/null
+#!/bin/sh
+
+#++
+# NAME
+# postfix-script 1
+# SUMMARY
+# execute Postfix administrative commands
+# SYNOPSIS
+# \fBpostfix-script\fR \fIcommand\fR
+# DESCRIPTION
+# The \fBpostfix-script\fR script executes Postfix administrative
+# commands in an environment that is set up by the \fBpostfix\fR(1)
+# command.
+# SEE ALSO
+# master(8) Postfix master program
+# postfix(1) Postfix administrative interface
+# LICENSE
+# .ad
+# .fi
+# The Secure Mailer license must be distributed with this software.
+# AUTHOR(S)
+# Wietse Venema
+# IBM T.J. Watson Research
+# P.O. Box 704
+# Yorktown Heights, NY 10598, USA
+#
+# Wietse Venema
+# Google, Inc.
+# 111 8th Avenue
+# New York, NY 10011, USA
+#--
+
+# Avoid POSIX death due to SIGHUP when some parent process exits.
+
+trap '' 1
+
+case $daemon_directory in
+"") echo This script must be run by the postfix command. 1>&2
+ echo Do not run directly. 1>&2
+ exit 1
+esac
+
+LOGGER="$command_directory/postlog -t $MAIL_LOGTAG/postfix-script"
+INFO="$LOGGER -p info"
+WARN="$LOGGER -p warn"
+ERROR="$LOGGER -p error"
+FATAL="$LOGGER -p fatal"
+PANIC="$LOGGER -p panic"
+
+if [ "X${1#quiet-}" != "X${1}" ]; then
+ INFO=:
+ x=${1#quiet-}
+ shift
+ set -- $x "$@"
+fi
+
+umask 022
+SHELL=/bin/sh
+
+#
+# Can't do much without these in place.
+#
+cd $command_directory || {
+ $FATAL no Postfix command directory $command_directory!
+ exit 1
+}
+cd $daemon_directory || {
+ $FATAL no Postfix daemon directory $daemon_directory!
+ exit 1
+}
+test -f master || {
+ $FATAL no Postfix master program $daemon_directory/master!
+ exit 1
+}
+cd $config_directory || {
+ $FATAL no Postfix configuration directory $config_directory!
+ exit 1
+}
+case $shlib_directory in
+no) ;;
+ *) cd $shlib_directory || {
+ $FATAL no Postfix shared-library directory $shlib_directory!
+ exit 1
+ }
+esac
+cd $meta_directory || {
+ $FATAL no Postfix meta directory $meta_directory!
+ exit 1
+}
+cd $queue_directory || {
+ $FATAL no Postfix queue directory $queue_directory!
+ exit 1
+}
+def_config_directory=`$command_directory/postconf -dh config_directory` || {
+ $FATAL cannot execute $command_directory/postconf!
+ exit 1
+}
+
+# If this is a secondary instance, don't touch shared files.
+
+instances=`test ! -f $def_config_directory/main.cf ||
+ $command_directory/postconf -c $def_config_directory \
+ -h multi_instance_directories | sed 's/,/ /'` || {
+ $FATAL cannot execute $command_directory/postconf!
+ exit 1
+}
+
+check_shared_files=1
+for name in $instances
+do
+ case "$name" in
+ "$def_config_directory") ;;
+ "$config_directory") check_shared_files=; break;;
+ esac
+done
+
+#
+# Parse JCL
+#
+case $1 in
+
+start_msg)
+
+ echo "Start postfix"
+ ;;
+
+stop_msg)
+
+ echo "Stop postfix"
+ ;;
+
+quick-start)
+
+ $daemon_directory/master -t 2>/dev/null || {
+ $FATAL the Postfix mail system is already running
+ exit 1
+ }
+ $daemon_directory/postfix-script quick-check || {
+ $FATAL Postfix integrity check failed!
+ exit 1
+ }
+ $INFO starting the Postfix mail system
+ $daemon_directory/master &
+ ;;
+
+start|start-fg)
+
+ $daemon_directory/master -t 2>/dev/null || {
+ $FATAL the Postfix mail system is already running
+ exit 1
+ }
+ if [ -f $queue_directory/quick-start ]
+ then
+ rm -f $queue_directory/quick-start
+ else
+ $daemon_directory/postfix-script check-fatal || {
+ $FATAL Postfix integrity check failed!
+ exit 1
+ }
+ # Foreground this so it can be stopped. All inodes are cached.
+ $daemon_directory/postfix-script check-warn
+ fi
+ $INFO starting the Postfix mail system || exit 1
+ case $1 in
+ start)
+ # NOTE: wait in foreground process to get the initialization status.
+ $daemon_directory/master -w || {
+ $FATAL "mail system startup failed"
+ exit 1
+ }
+ ;;
+ start-fg)
+ # Foreground start-up is incompatible with multi-instance mode.
+ # Use "exec $daemon_directory/master" only if PID == 1.
+ # Otherwise, doing so would break process group management,
+ # and "postfix stop" would kill too many processes.
+ case $instances in
+ "") case $$ in
+ 1) exec $daemon_directory/master -i
+ $FATAL "cannot start-fg the master daemon"
+ exit 1;;
+ *) $daemon_directory/master -s;;
+ esac
+ ;;
+ *) $FATAL "start-fg does not support multi_instance_directories"
+ exit 1
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+
+drain)
+
+ $daemon_directory/master -t 2>/dev/null && {
+ $FATAL the Postfix mail system is not running
+ exit 1
+ }
+ $INFO stopping the Postfix mail system
+ kill -9 `sed 1q pid/master.pid`
+ ;;
+
+quick-stop)
+
+ $daemon_directory/postfix-script stop
+ touch $queue_directory/quick-start
+ ;;
+
+stop)
+
+ $daemon_directory/master -t 2>/dev/null && {
+ $FATAL the Postfix mail system is not running
+ exit 0
+ }
+ $INFO stopping the Postfix mail system
+ kill `sed 1q pid/master.pid`
+ for i in 5 4 3 2 1
+ do
+ $daemon_directory/master -t && exit 0
+ $INFO waiting for the Postfix mail system to terminate
+ sleep 1
+ done
+ $WARN stopping the Postfix mail system with force
+ pid=`awk '{ print $1; exit 0 } END { exit 1 }' pid/master.pid` &&
+ kill -9 -$pid
+ ;;
+
+abort)
+
+ $daemon_directory/master -t 2>/dev/null && {
+ $FATAL the Postfix mail system is not running
+ exit 0
+ }
+ $INFO aborting the Postfix mail system
+ kill `sed 1q pid/master.pid`
+ ;;
+
+reload)
+
+ $daemon_directory/master -t 2>/dev/null && {
+ $FATAL the Postfix mail system is not running
+ exit 1
+ }
+ $INFO refreshing the Postfix mail system
+ $command_directory/postsuper active || exit 1
+ kill -HUP `sed 1q pid/master.pid`
+ $command_directory/postsuper &
+ ;;
+
+flush)
+
+ cd $queue_directory || {
+ $FATAL no Postfix queue directory $queue_directory!
+ exit 1
+ }
+ $command_directory/postqueue -f
+ ;;
+
+check)
+
+ $daemon_directory/postfix-script check-fatal || exit 1
+ $daemon_directory/postfix-script check-warn
+ exit 0
+ ;;
+
+status)
+
+ $daemon_directory/master -t 2>/dev/null && {
+ $INFO the Postfix mail system is not running
+ exit 1
+ }
+ $INFO the Postfix mail system is running: PID: `sed 1q pid/master.pid`
+ exit 0
+ ;;
+
+quick-check)
+ # This command is NOT part of the public interface.
+
+ $SHELL $daemon_directory/post-install create-missing || {
+ $WARN unable to create missing queue directories
+ exit 1
+ }
+
+ # Look for incomplete installations.
+
+ test -f $config_directory/master.cf || {
+ $FATAL no $config_directory/master.cf file found
+ exit 1
+ }
+ exit 0
+ ;;
+
+check-fatal)
+ # This command is NOT part of the public interface.
+
+ $daemon_directory/postfix-script quick-check
+
+ maillog_file=`$command_directory/postconf -h maillog_file` || {
+ $FATAL cannot execute $command_directory/postconf!
+ exit 1
+ }
+ test -n "$maillog_file" && {
+ $command_directory/postconf -M postlog/unix-dgram 2>/dev/null \
+ | grep . >/dev/null || {
+ $FATAL "missing 'postlog' service in master.cf - run 'postfix upgrade-configuration'"
+ exit 1
+ }
+ }
+
+ # See if all queue files are in the right place. This is slow.
+ # We must scan all queues for mis-named queue files before the
+ # mail system can run.
+
+ $command_directory/postsuper || exit 1
+ exit 0
+ ;;
+
+check-warn)
+ # This command is NOT part of the public interface.
+
+ # Check Postfix root-owned directory owner/permissions.
+
+ find $queue_directory/. $queue_directory/pid \
+ -prune ! -user root \
+ -exec $WARN not owned by root: {} \;
+
+ find $queue_directory/. $queue_directory/pid \
+ -prune \( -perm -020 -o -perm -002 \) \
+ -exec $WARN group or other writable: {} \;
+
+ # Check Postfix root-owned directory tree owner/permissions.
+
+ todo="$config_directory/."
+ test -n "$check_shared_files" && {
+ todo="$daemon_directory/. $meta_directory/. $todo"
+ test "$shlib_directory" = "no" ||
+ todo="$shlib_directory/. $todo"
+ }
+ todo=`echo "$todo" | tr ' ' '\12' | sort -u`
+
+ find $todo ! -user root \
+ -exec $WARN not owned by root: {} \;
+
+ # Handle symlinks separately
+ find -L $todo \( -perm -020 -o -perm -002 \) \
+ -exec $WARN group or other writable: {} \;
+
+ find $todo -type l | while read f; do \
+ readlink "$f" | grep -q / && $WARN symlink leaves directory: "$f"; \
+ done; \
+
+ # Check Postfix mail_owner-owned directory tree owner/permissions.
+
+ find $data_directory/. ! -user $mail_owner \
+ -exec $WARN not owned by $mail_owner: {} \;
+
+ find $data_directory/. \( -perm -020 -o -perm -002 \) \
+ -exec $WARN group or other writable: {} \;
+
+ # Check Postfix mail_owner-owned directory tree owner.
+
+ find `ls -d $queue_directory/* | \
+ egrep '/(saved|incoming|active|defer|deferred|bounce|hold|trace|corrupt|public|private|flush)$'` \
+ ! \( -type p -o -type s \) ! -user $mail_owner \
+ -exec $WARN not owned by $mail_owner: {} \;
+
+ # WARNING: this should not descend into the maildrop directory.
+ # maildrop is the least trusted Postfix directory.
+
+ find $queue_directory/maildrop -prune ! -user $mail_owner \
+ -exec $WARN not owned by $mail_owner: $queue_directory/maildrop \;
+
+ # Check Postfix setgid_group-owned directory and file group/permissions.
+
+ todo="$queue_directory/public $queue_directory/maildrop"
+ test -n "$check_shared_files" &&
+ todo="$command_directory/postqueue $command_directory/postdrop $todo"
+
+ find $todo \
+ -prune ! -group $setgid_group \
+ -exec $WARN not owned by group $setgid_group: {} \;
+
+ test -n "$check_shared_files" &&
+ find $command_directory/postqueue $command_directory/postdrop \
+ -prune ! -perm -02111 \
+ -exec $WARN not set-gid or not owner+group+world executable: {} \;
+
+ # Check non-Postfix root-owned directory tree owner/content.
+
+ for dir in bin etc lib sbin usr
+ do
+ test -d $dir && {
+ find $dir ! -user root \
+ -exec $WARN not owned by root: $queue_directory/{} \;
+
+ find $dir -type f -print | while read path
+ do
+ test -f /$path && {
+ cmp -s $path /$path ||
+ $WARN $queue_directory/$path and /$path differ
+ }
+ done
+ }
+ done
+
+ find corrupt -type f -exec $WARN damaged message: {} \;
+
+ # Check for non-Postfix MTA remnants.
+
+ test -n "$check_shared_files" -a -f /usr/sbin/sendmail -a \
+ -f /usr/lib/sendmail && {
+ cmp -s /usr/sbin/sendmail /usr/lib/sendmail || {
+ $WARN /usr/lib/sendmail and /usr/sbin/sendmail differ
+ $WARN Replace one by a symbolic link to the other
+ }
+ }
+ exit 0
+ ;;
+
+set-permissions|upgrade-configuration)
+ $daemon_directory/post-install create-missing "$@"
+ ;;
+
+post-install)
+ # Currently not part of the public interface.
+ shift
+ $daemon_directory/post-install "$@"
+ ;;
+
+tls)
+ shift
+ $daemon_directory/postfix-tls-script "$@"
+ ;;
+
+/*)
+ # Currently not part of the public interface.
+ "$@"
+ ;;
+
+logrotate)
+ case $# in
+ 1) ;;
+ *) $FATAL "usage postfix $1 (no arguments)"; exit 1;;
+ esac
+ for name in maillog_file maillog_file_compressor \
+ maillog_file_rotate_suffix
+ do
+ value="`$command_directory/postconf -h $name`"
+ case "$value" in
+ "") $FATAL "empty '$name' parameter value - logfile rotation failed"
+ exit 1;;
+ esac
+ eval $name='"$value"';
+ done
+
+ case "$maillog_file" in
+ /dev/*) $FATAL "not rotating '$maillog_file'"; exit 1;;
+ esac
+
+ errors=`(
+ suffix="\`date +$maillog_file_rotate_suffix\`" || exit 1
+ mv "$maillog_file" "$maillog_file.$suffix" || exit 1
+ $daemon_directory/master -t 2>/dev/null ||
+ kill -HUP \`sed 1q pid/master.pid\` || exit 1
+ sleep 1
+ "$maillog_file_compressor" "$maillog_file.$suffix" || exit 1
+ ) 2>&1` || {
+ $FATAL "logfile '$maillog_file' rotation failed: $errors"
+ exit 1
+ }
+ ;;
+
+*)
+ $FATAL "unknown command: '$1'. Usage: postfix start (or stop, reload, abort, flush, check, status, set-permissions, upgrade-configuration, logrotate)"
+ exit 1
+ ;;
+
+esac
--- /dev/null
+# Rules are evaluated in the order as specified.
+#1.2.3.4 permit
+#2.3.4.5 reject
+
+# Permit local clients
+127.0.0.0/8 permit
+192.168.254.0/24 permit
+81.169.181.159 permit
--- /dev/null
+# Secret DNSBL name Name in postscreen(8) replies
--- /dev/null
+
+apache@teehaus-shila.de OK
+++ /dev/null
-# See man 5 aliases for format
-
-abuse: postmaster
-adm: root
-amavis: postmaster
-apache: webmaster
-apt: frank
-bind: hostmaster
-clamav: root
-daemon: root
-fail2ban: root
-f-brehm: frank
-f.brehm: frank
-fbr: frank
-fbrehm: frank
-frak: frank
-frank-brehm: frank
-frank.brehm: frank
-frank: frank@brehm-online.com
-hostmaster: root
-iredapd: root
-mail: postmaster
-mailer-daemon: postmaster
-me: frank
-nagios: root
-named: hostmaster
-news: root
-nginx: webmaster
-nobody: noreply
-noreply: /dev/null
-package: frank
-packages: frank
-portage: frank
-postfix: postmaster
-postmaster: frank@brehm-online.com
-root: frank
-security: root
-usenet: news
-uucp: root
-virusalert: root
-vmail: root
-webmaster: root
-www: webmaster
-www-data: webmaster
#==== ================================ ============= ============
pcre postfix-pcre.so dict_pcre_open
sqlite postfix-sqlite.so dict_sqlite_open
-mysql postfix-mysql.so dict_mysql_open
+++ /dev/null
-#---------------------------------------------------------------------
-# This file is part of iRedMail, which is an open source mail server
-# solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu.
-#
-# iRedMail is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# iRedMail is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with iRedMail. If not, see <http://www.gnu.org/licenses/>.
-#---------------------------------------------------------------------
-
-#
-# Sample Postfix check_helo_access rule. It should be localted at:
-# /etc/postfix/check_helo_access.pcre
-#
-# Shipped within iRedMail project:
-# * http://www.iredmail.org/
-#
-# Thanks all contributer(s):
-# * muniao <at> gamil.
-#
-
-# Prepend HELO hostname of sender server
-#/(.*)/ PREPEND X-Original-Helo: $1 (iRedMail: http://www.iredmail.org/)
-
-/h1693891.stratoserver.net/ OK
-
-# No one will use these in helo command.
-/^(localhost)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/^(localhost.localdomain)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(\.local)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-
-# Reject who use IP address as helo.
-# Correct: [xxx.xxx.xxx.xxx]
-# Incorrect: xxx.xxx.xxx.xxx
-/^([0-9\.]+)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (${1})
-
-#
-# This is the real HELO identify of these ISPs:
-# sohu.com websmtp.sohu.com relay2nd.mail.sohu.com
-# 126.com m15-78.126.com
-# 163.com m31-189.vip.163.com m13-49.163.com
-# sina.com mail2-209.sinamail.sina.com.cn
-# gmail.com xx-out-NNNN.google.com
-/^(126\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
-/^(163\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
-/^(163\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
-/^(sohu\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
-/^(gmail\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
-/^(google\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
-/^(yahoo\.com\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
-/^(yahoo\.co\.jp)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
-
-#
-# Spammers.
-#
-/^(728154EA470B4AA\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(taj-co\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(CF8D3DB045C1455\.net)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(dsgsfdg\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(se\.nit7-ngbo\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(mail\.goo\.ne\.jp)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(n-ong_an\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(meqail\.teamefs-ine5tl\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(zzg\.jhf-sp\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(din_glo-ng\.net)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(fda-cnc\.ie\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(yrtaj-yrco\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(m\.am\.biz\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(xr_haig\.roup\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(hjn\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(we_blf\.com\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(netvigator\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(mysam\.biz)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(mail\.teams-intl\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(seningbo\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(nblf\.com\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(kdn\.ktguide\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(zzsp\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(nblongan\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(dpu\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(nbalton\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(cncie\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(xinhaigroup\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/^(wz\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/(\.zj\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-/(\.kornet)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
-
-/^(dsldevice\.lan)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/^(system\.mail)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/^(speedtouch\.lan)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/^(dsldevice\.lan)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-
-#
-# Reject adsl spammers.
-#
-# match word `adsl` with word boundary `\b`.
-/(\badsl\b)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
-/(\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3})/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
-/(\d{1,3}\.ip\.-\d{1,3}-\d{1,3}-\d{1,3}\.eu)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
-/(pppoe)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
-/(dsl\.brasiltelecom\.net\.br)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
-/(dsl\.optinet\.hr)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
-/(dsl\.telesp\.net\.br)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
-/(dialup)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
-/(dhcp)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
-/(static-pool-[\d\.-]*\.flagman\.zp\.ua)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
-
-/(speedy\.com\.ar)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
-/(speedyterra\.com\.br)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
-/(static\.sbb\.rs)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
-/(static\.vsnl\.net\.in)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
-
-/(advance\.com\.ar)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(airtelbroadband\.in)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(bb\.netvision\.net\.il)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(broadband3\.iol\.cz)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(cable\.net\.co)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(catv\.broadband\.hu)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(chello\.nl)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(chello\.sk)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(client\.mchsi\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(comunitel\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(coprosys\.cz)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(dclient\.hispeed\.ch)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(dip0\.t-ipconnect\.de)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(domain\.invalid)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(dyn\.centurytel\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(embarqhsd\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(emcali\.net\.co)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(epm\.net\.co)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(eutelia\.it)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(fastwebnet\.it)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(fibertel\.com\.ar)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(freedom2surf\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(hgcbroadband\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(HINET-IP\.hinet\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(infonet\.by)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(is74\.ru)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(kievnet\.com\.ua)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(metrotel\.net\.co)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(nw\.nuvox\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(pldt\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(pool\.invitel\.hu)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(pool\.ukrtel\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(pools\.arcor-ip\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(pppoe\.avangarddsl\.ru)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(retail\.telecomitalia\.it)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(revip2\.asianet\.co\.th)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(tim\.ro)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(tsi\.tychy\.pl)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(ttnet\.net\.tr)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(tttmaxnet\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(user\.veloxzone\.com\.br)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(utk\.ru)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(veloxzone\.com\.br)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(virtua\.com\.br)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(wanamaroc\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(wbt\.ru)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(wireless\.iaw\.on\.ca)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(business\.telecomitalia\.it)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(cotas\.com\.bo)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(marunouchi\.tokyo\.ocn\.ne\.jp)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(amedex\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-/(aageneva\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
-# --------------------
-# INSTALL-TIME CONFIGURATION INFORMATION
-#
-# location of the Postfix queue. Default is /var/spool/postfix.
-queue_directory = /var/spool/postfix
+# Managed by config management
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
-# location of all postXXX commands. Default is /usr/sbin.
-command_directory = /usr/sbin
-# location of all Postfix daemon programs (i.e. programs listed in the
-# master.cf file). This directory must be owned by root.
-# Default is /usr/libexec/postfix
-#daemon_directory = /usr/lib/postfix
+# Debian specific: Specifying a file name will cause the first
+# line of that file to be used as the name. The Debian default
+# is /etc/mailname.
+myorigin = /etc/mailname
-# location of Postfix-writable data files (caches, random numbers).
-# This directory must be owned by the mail_owner account (see below).
-# Default is /var/lib/postfix.
-data_directory = /var/lib/postfix
-
-# owner of the Postfix queue and of most Postfix daemon processes.
-# Specify the name of a user account THAT DOES NOT SHARE ITS USER OR GROUP ID
-# WITH OTHER ACCOUNTS AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.
-# In particular, don't specify nobody or daemon. PLEASE USE A DEDICATED USER.
-# Default is postfix.
-mail_owner = postfix
-
-# The following parameters are used when installing a new Postfix version.
-#
-# sendmail_path: The full pathname of the Postfix sendmail command.
-# This is the Sendmail-compatible mail posting interface.
-#
-sendmail_path = /usr/sbin/sendmail
-
-# newaliases_path: The full pathname of the Postfix newaliases command.
-# This is the Sendmail-compatible command to build alias databases.
-#
-newaliases_path = /usr/bin/newaliases
-
-# full pathname of the Postfix mailq command. This is the Sendmail-compatible
-# mail queue listing command.
-mailq_path = /usr/bin/mailq
-
-# group for mail submission and queue management commands.
-# This must be a group name with a numerical group ID that is not shared with
-# other accounts, not even with the Postfix account.
-setgid_group = postdrop
-
-# external command that is executed when a Postfix daemon program is run with
-# the -D option.
-#
-# Use "command .. & sleep 5" so that the debugger can attach before
-# the process marches on. If you use an X-based debugger, be sure to
-# set up your XAUTHORITY environment variable before starting Postfix.
-#
-debugger_command =
- PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
- ddd $daemon_directory/$process_name $process_id & sleep 5
-
-debug_peer_level = 2
-
-# --------------------
-# CUSTOM SETTINGS
-#
-
-# SMTP server response code when recipient or domain not found.
-unknown_local_recipient_reject_code = 550
-
-# Do not notify local user.
+smtpd_banner = $myhostname ESMTP Frank Brehms Mail Service $mail_name ($mail_version) (Debian/GNU)
biff = no
-# Disable the rewriting of "site!user" into "user@site".
-swap_bangpath = no
-
-# Disable the rewriting of the form "user%domain" to "user@domain".
-allow_percent_hack = no
-
-# Allow recipient address start with '-'.
-allow_min_user = no
-
-# Disable the SMTP VRFY command. This stops some techniques used to
-# harvest email addresses.
-disable_vrfy_command = yes
-
-# Enable both IPv4 and/or IPv6: ipv4, ipv6, all.
-inet_protocols = all
-
-# Enable all network interfaces.
-inet_interfaces = all
-#
-# TLS settings.
-#
-# SSL key, certificate, CA
-#
+# appending .domain is the MUA's job.
+append_dot_mydomain = yes
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+# SASL parameters (http://www.postfix.org/SASL_README.html)
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_path = smtpd
+smtpd_sasl_type = cyrus
+smtpd_sasl_local_domain = $myhostname
+smtpd_sasl_security_options =
+ noanonymous,
+ noplaintext,
+smtpd_sasl_tls_security_options =
+ noanonymous,
+smtpd_tls_auth_only = no
+# TLS parameters (http://www.postfix.org/TLS_README.html)
+# Recipient settings
+smtpd_use_tls = yes
+smtpd_tls_loglevel = 1
+smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/letsencrypt/live/mail.uhu-banane.net/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.uhu-banane.net/fullchain.pem
smtpd_tls_CAfile = $smtpd_tls_cert_file
-
-#
-# Disable SSLv2, SSLv3
-#
-smtpd_tls_protocols = !SSLv2 !SSLv3
-smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
-smtp_tls_protocols = !SSLv2 !SSLv3
-smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
-lmtp_tls_protocols = !SSLv2 !SSLv3
-lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
-
-#
-# Fix 'The Logjam Attack'.
-#
-smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
-smtpd_tls_dh512_param_file = /etc/ssl/dh512_param.pem
-smtpd_tls_dh1024_param_file = /etc/ssl/dh2048_param.pem
-
-tls_random_source = dev:/dev/urandom
-
-# Log only a summary message on TLS handshake completion — no logging of client
-# certificate trust-chain verification errors if client certificate
-# verification is not required. With Postfix 2.8 and earlier, log the summary
-# message, peer certificate summary information and unconditionally log
-# trust-chain verification errors.
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtpd_tls_mandatory_ciphers = high
+smtpd_tls_mandatory_exclude_ciphers =
+ aNULL,
+ MD5,
+smtpd_tls_mandatory_protocols =
+ !SSLv2,
+ !SSLv3,
+tls_preempt_cipherlist = yes
+# Relay/Sender settings
smtp_tls_loglevel = 1
-smtpd_tls_loglevel = 1
-
-# Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do
-# not require that clients use TLS encryption.
-smtpd_tls_security_level = may
-
-# Produce `Received:` message headers that include information about the
-# protocol and cipher used, as well as the remote SMTP client CommonName and
-# client certificate issuer CommonName.
-# This is disabled by default, as the information may be modified in transit
-# through other mail servers. Only information that was recorded by the final
-# destination can be trusted.
-#smtpd_tls_received_header = yes
-
-# Opportunistic TLS, used when Postfix sends email to remote SMTP server.
-# Use TLS if this is supported by the remote SMTP server, otherwise use
-# plaintext.
-# References:
-# - http://www.postfix.org/TLS_README.html#client_tls_may
-# - http://www.postfix.org/postconf.5.html#smtp_tls_security_level
smtp_tls_security_level = may
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+smtpd_tls_received_header = yes
+smtpd_tls_session_cache_timeout = 3600s
-# Use the same CA file as smtpd.
-smtp_tls_CAfile = $smtpd_tls_cert_file
-smtp_tls_note_starttls_offer = yes
-
-# Enable long, non-repeating, queue IDs (queue file names).
-# The benefit of non-repeating names is simpler logfile analysis and easier
-# queue migration (there is no need to run "postsuper" to change queue file
-# names that don't match their message file inode number).
-#enable_long_queue_ids = yes
-
-# Reject unlisted sender and recipient
-smtpd_reject_unlisted_recipient = yes
-smtpd_reject_unlisted_sender = yes
-
-# Header and body checks with PCRE table
-header_checks = pcre:/etc/postfix/header_checks
-body_checks = pcre:/etc/postfix/body_checks.pcre
-
-# HELO restriction
-smtpd_helo_required = yes
-smtpd_helo_restrictions =
- permit_mynetworks
- permit_sasl_authenticated
- reject_non_fqdn_helo_hostname
- reject_invalid_helo_hostname
- check_helo_access pcre:/etc/postfix/helo_access.pcre
-
-# Sender restrictions
-smtpd_sender_restrictions =
- reject_unknown_sender_domain
- reject_non_fqdn_sender
- reject_unlisted_sender
- permit_mynetworks
- permit_sasl_authenticated
- check_sender_access pcre:/etc/postfix/sender_access.pcre
-
-# Recipient restrictions
-smtpd_recipient_restrictions =
- reject_unknown_recipient_domain
- reject_non_fqdn_recipient
- reject_unlisted_recipient
- permit_mynetworks
- permit_sasl_authenticated
- reject_unauth_destination
-
- # check_policy_service inet:127.0.0.1:7777
-
-# Data restrictions
-smtpd_data_restrictions = reject_unauth_pipelining
-
-# END-OF-MESSAGE restrictions
-smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777
-
-proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps
-
-# Avoid duplicate recipient messages. Default is 'yes'.
-enable_original_recipient = no
-
-# Virtual support.
-virtual_minimum_uid = 2000
-virtual_uid_maps = static:2000
-virtual_gid_maps = static:2000
-virtual_mailbox_base = /home/vmail
-
-# Do not set virtual_alias_domains.
-virtual_alias_domains =
-
-#
-# Enable SASL authentication on port 25 and force TLS-encrypted SASL authentication.
-# WARNING: NOT RECOMMENDED to enable smtp auth on port 25, all end users should
-# be forced to submit email through port 587 instead.
-#
-#smtpd_sasl_auth_enable = yes
-#smtpd_tls_auth_only = yes
-#smtpd_sasl_security_options = noanonymous
-
-# hostname
-myhostname = mail.uhu-banane.net
-myorigin = mail.uhu-banane.net
-mydomain = uhu-banane.net
-
-# trusted SMTP clients which are allowed to relay mail through Postfix.
-#
-# Note: additional IP addresses/networks listed in mynetworks should be listed
-# in iRedAPD setting 'MYNETWORKS' too. for example:
-#
-# MYNETWORKS = ['xx.xx.xx.xx', 'xx.xx.xx.0/24', ...]
-#
+myhostname = sarah.uhu-banane.de
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+mydestination = sarah.uhu-banane.de, sarah.brehm-online.com, localhost.uhu-banane.de, localhost, localhost.localdomain
+relayhost = [mail.uhu-banane.net]:submission
mynetworks = 127.0.0.1, 185.48.118.130, 10.12.20.5, [2001:6f8:1db7::5]
-
-# Accepted local emails
-mydestination = $myhostname, sarah.uhu-banane.de, localhost, localhost.localdomain
-
-alias_maps = hash:/etc/postfix/aliases
-alias_database = hash:/etc/postfix/aliases
-
-# Default message_size_limit.
-message_size_limit = 52428800
-
-# The set of characters that can separate a user name from its extension
-# (example: user+foo), or a .forward file name from its extension (example:
-# .forward+foo).
-# Postfix 2.11 and later supports multiple characters.
+mailbox_command = procmail -a "$EXTENSION"
+mailbox_size_limit = 0
recipient_delimiter = +
+inet_interfaces = loopback-only
+inet_protocols = ipv4
-#
-# Lookup virtual mail accounts
-#
-transport_maps =
- proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf
- proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
-
-sender_dependent_relayhost_maps =
- proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf
-
-# Lookup table with the SASL login names that own the sender (MAIL FROM) addresses.
-smtpd_sender_login_maps =
- proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
-
-virtual_mailbox_domains =
- proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
-
-relay_domains =
- $mydestination
- proxy:mysql:/etc/postfix/mysql/relay_domains.cf
-
-virtual_mailbox_maps =
- proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
-
-virtual_alias_maps =
- proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf
- proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf
- proxy:mysql:/etc/postfix/mysql/catchall_maps.cf
- proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
-
-sender_bcc_maps =
- proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf
- proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
+message_size_limit = 41943040
-recipient_bcc_maps =
- proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf
- proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
-postscreen_dnsbl_threshold = 2
-postscreen_dnsbl_sites = zen.spamhaus.org*3 b.barracudacentral.org*2
-postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply
-postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
-postscreen_greet_action = enforce
-postscreen_dnsbl_action = enforce
-postscreen_blacklist_action = enforce
-postscreen_dnsbl_whitelist_threshold = -2
-#
-# Dovecot SASL support.
-#
-smtpd_sasl_type = dovecot
-smtpd_sasl_path = private/dovecot-auth
-virtual_transport = dovecot
-dovecot_destination_recipient_limit = 1
-content_filter = smtp-amavis:[127.0.0.1]:10024
-smtp-amavis_destination_recipient_limit = 1
-mailbox_size_limit = 524288000
-smtpd_tls_received_header = yes
-
-# smtpd_milters = inet:localhost:8891
-# non_smtpd_milters = inet:localhost:8891
-
-smtpd_banner = $myhostname ESMTP $mail_name $mail_version
-smtpd_sasl_authenticated_header = yes
+smtpd_relay_restrictions =
+ permit_mynetworks,
+ permit_sasl_authenticated,
+ defer_unauth_destination,
+smtpd_recipient_restrictions =
+ permit_mynetworks,
+ permit_sasl_authenticated,
+ reject_unauth_destination,
+smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
+smtp_tls_enforce_peername = no
smtp_tls_cert_file = $smtpd_tls_cert_file
smtp_tls_key_file = $smtpd_tls_key_file
+smtp_use_tls = yes
+smtp_sasl_security_options = noanonymous
+smtp_sasl_auth_enable = yes
+smtp_tls_CApath =
+
+unknown_local_recipient_reject_code = 550
+
+# vim: filetype=pfmain
+++ /dev/null
-# See /usr/share/postfix/main.cf.dist for a commented, more complete version
-
-
-# Debian specific: Specifying a file name will cause the first
-# line of that file to be used as the name. The Debian default
-# is /etc/mailname.
-#myorigin = /etc/mailname
-
-smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
-biff = no
-
-# appending .domain is the MUA's job.
-append_dot_mydomain = no
-
-# Uncomment the next line to generate "delayed mail" warnings
-#delay_warning_time = 4h
-
-readme_directory = no
-
-# TLS parameters
-smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
-smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
-smtpd_use_tls=yes
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
-smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-
-# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
-# information on enabling SSL in the smtp client.
-
-smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
-myhostname = sarah.uhu-banane.de
-alias_maps = hash:/etc/aliases
-alias_database = hash:/etc/aliases
-myorigin = /etc/mailname
-mydestination = sarah.uhu-banane.de, localhost.uhu-banane.de, , localhost
-relayhost =
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
-mailbox_size_limit = 0
-recipient_delimiter = +
-inet_interfaces = all
+++ /dev/null
-# --------------------
-# INSTALL-TIME CONFIGURATION INFORMATION
-#
-# location of the Postfix queue. Default is /var/spool/postfix.
-queue_directory = /var/spool/postfix
-
-# location of all postXXX commands. Default is /usr/sbin.
-command_directory = /usr/sbin
-
-# location of all Postfix daemon programs (i.e. programs listed in the
-# master.cf file). This directory must be owned by root.
-# Default is /usr/libexec/postfix
-daemon_directory = /usr/lib/postfix
-
-# location of Postfix-writable data files (caches, random numbers).
-# This directory must be owned by the mail_owner account (see below).
-# Default is /var/lib/postfix.
-data_directory = /var/lib/postfix
-
-# owner of the Postfix queue and of most Postfix daemon processes.
-# Specify the name of a user account THAT DOES NOT SHARE ITS USER OR GROUP ID
-# WITH OTHER ACCOUNTS AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.
-# In particular, don't specify nobody or daemon. PLEASE USE A DEDICATED USER.
-# Default is postfix.
-mail_owner = postfix
-
-# The following parameters are used when installing a new Postfix version.
-#
-# sendmail_path: The full pathname of the Postfix sendmail command.
-# This is the Sendmail-compatible mail posting interface.
-#
-sendmail_path = /usr/sbin/sendmail
-
-# newaliases_path: The full pathname of the Postfix newaliases command.
-# This is the Sendmail-compatible command to build alias databases.
-#
-newaliases_path = /usr/bin/newaliases
-
-# full pathname of the Postfix mailq command. This is the Sendmail-compatible
-# mail queue listing command.
-mailq_path = /usr/bin/mailq
-
-# group for mail submission and queue management commands.
-# This must be a group name with a numerical group ID that is not shared with
-# other accounts, not even with the Postfix account.
-setgid_group = postdrop
-
-# external command that is executed when a Postfix daemon program is run with
-# the -D option.
-#
-# Use "command .. & sleep 5" so that the debugger can attach before
-# the process marches on. If you use an X-based debugger, be sure to
-# set up your XAUTHORITY environment variable before starting Postfix.
-#
-debugger_command =
- PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
- ddd $daemon_directory/$process_name $process_id & sleep 5
-
-debug_peer_level = 2
-
-# --------------------
-# CUSTOM SETTINGS
-#
-
-# SMTP server response code when recipient or domain not found.
-unknown_local_recipient_reject_code = 550
-
-# Do not notify local user.
-biff = no
-
-# Disable the rewriting of "site!user" into "user@site".
-swap_bangpath = no
-
-# Disable the rewriting of the form "user%domain" to "user@domain".
-allow_percent_hack = no
-
-# Allow recipient address start with '-'.
-allow_min_user = no
-
-# Disable the SMTP VRFY command. This stops some techniques used to
-# harvest email addresses.
-disable_vrfy_command = yes
-
-# Enable both IPv4 and/or IPv6: ipv4, ipv6, all.
-inet_protocols = all
-
-# Enable all network interfaces.
-inet_interfaces = all
-
-#
-# TLS settings.
-#
-# SSL key, certificate, CA
-#
-smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
-smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt
-smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt
-
-#
-# Disable SSLv2, SSLv3
-#
-smtpd_tls_protocols = !SSLv2 !SSLv3
-smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
-smtp_tls_protocols = !SSLv2 !SSLv3
-smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
-lmtp_tls_protocols = !SSLv2 !SSLv3
-lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
-
-#
-# Fix 'The Logjam Attack'.
-#
-smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
-smtpd_tls_dh512_param_file = /etc/ssl/dh512_param.pem
-smtpd_tls_dh1024_param_file = /etc/ssl/dh2048_param.pem
-
-tls_random_source = dev:/dev/urandom
-
-# Log only a summary message on TLS handshake completion — no logging of client
-# certificate trust-chain verification errors if client certificate
-# verification is not required. With Postfix 2.8 and earlier, log the summary
-# message, peer certificate summary information and unconditionally log
-# trust-chain verification errors.
-smtp_tls_loglevel = 1
-smtpd_tls_loglevel = 1
-
-# Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do
-# not require that clients use TLS encryption.
-smtpd_tls_security_level = may
-
-# Produce `Received:` message headers that include information about the
-# protocol and cipher used, as well as the remote SMTP client CommonName and
-# client certificate issuer CommonName.
-# This is disabled by default, as the information may be modified in transit
-# through other mail servers. Only information that was recorded by the final
-# destination can be trusted.
-#smtpd_tls_received_header = yes
-
-# Opportunistic TLS, used when Postfix sends email to remote SMTP server.
-# Use TLS if this is supported by the remote SMTP server, otherwise use
-# plaintext.
-# References:
-# - http://www.postfix.org/TLS_README.html#client_tls_may
-# - http://www.postfix.org/postconf.5.html#smtp_tls_security_level
-smtp_tls_security_level = may
-
-# Use the same CA file as smtpd.
-smtp_tls_CAfile = $smtpd_tls_CAfile
-smtp_tls_note_starttls_offer = yes
-
-# Enable long, non-repeating, queue IDs (queue file names).
-# The benefit of non-repeating names is simpler logfile analysis and easier
-# queue migration (there is no need to run "postsuper" to change queue file
-# names that don't match their message file inode number).
-#enable_long_queue_ids = yes
-
-# Reject unlisted sender and recipient
-smtpd_reject_unlisted_recipient = yes
-smtpd_reject_unlisted_sender = yes
-
-# Header and body checks with PCRE table
-header_checks = pcre:/etc/postfix/header_checks
-body_checks = pcre:/etc/postfix/body_checks.pcre
-
-# HELO restriction
-smtpd_helo_required = yes
-smtpd_helo_restrictions =
- permit_mynetworks
- permit_sasl_authenticated
- reject_non_fqdn_helo_hostname
- reject_invalid_helo_hostname
- check_helo_access pcre:/etc/postfix/helo_access.pcre
-
-# Sender restrictions
-smtpd_sender_restrictions =
- reject_unknown_sender_domain
- reject_non_fqdn_sender
- reject_unlisted_sender
- permit_mynetworks
- permit_sasl_authenticated
- check_sender_access pcre:/etc/postfix/sender_access.pcre
-
-# Recipient restrictions
-smtpd_recipient_restrictions =
- reject_unknown_recipient_domain
- reject_non_fqdn_recipient
- reject_unlisted_recipient
- check_policy_service inet:127.0.0.1:7777
- permit_mynetworks
- permit_sasl_authenticated
- reject_unauth_destination
-
-# Data restrictions
-smtpd_data_restrictions = reject_unauth_pipelining
-
-# END-OF-MESSAGE restrictions
-smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777
-
-proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps
-
-# Avoid duplicate recipient messages. Default is 'yes'.
-enable_original_recipient = no
-
-# Virtual support.
-virtual_minimum_uid = 2000
-virtual_uid_maps = static:2000
-virtual_gid_maps = static:2000
-virtual_mailbox_base = /home/vmail
-
-# Do not set virtual_alias_domains.
-virtual_alias_domains =
-
-#
-# Enable SASL authentication on port 25 and force TLS-encrypted SASL authentication.
-# WARNING: NOT RECOMMENDED to enable smtp auth on port 25, all end users should
-# be forced to submit email through port 587 instead.
-#
-#smtpd_sasl_auth_enable = yes
-#smtpd_tls_auth_only = yes
-#smtpd_sasl_security_options = noanonymous
-
-# hostname
-myhostname = sarah.uhu-banane.de
-myorigin = sarah.uhu-banane.de
-mydomain = sarah.uhu-banane.de
-
-# trusted SMTP clients which are allowed to relay mail through Postfix.
-#
-# Note: additional IP addresses/networks listed in mynetworks should be listed
-# in iRedAPD setting 'MYNETWORKS' too. for example:
-#
-# MYNETWORKS = ['xx.xx.xx.xx', 'xx.xx.xx.0/24', ...]
-#
-mynetworks = 127.0.0.1
-
-# Accepted local emails
-mydestination = $myhostname, localhost, localhost.localdomain
-
-alias_maps = hash:/etc/postfix/aliases
-alias_database = hash:/etc/postfix/aliases
-
-# Default message_size_limit.
-message_size_limit = 15728640
-
-# The set of characters that can separate a user name from its extension
-# (example: user+foo), or a .forward file name from its extension (example:
-# .forward+foo).
-# Postfix 2.11 and later supports multiple characters.
-recipient_delimiter = +
-
-#
-# Lookup virtual mail accounts
-#
-transport_maps =
- proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf
- proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
-
-sender_dependent_relayhost_maps =
- proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf
-
-# Lookup table with the SASL login names that own the sender (MAIL FROM) addresses.
-smtpd_sender_login_maps =
- proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
-
-virtual_mailbox_domains =
- proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
-
-relay_domains =
- $mydestination
- proxy:mysql:/etc/postfix/mysql/relay_domains.cf
-
-virtual_mailbox_maps =
- proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
-
-virtual_alias_maps =
- proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf
- proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf
- proxy:mysql:/etc/postfix/mysql/catchall_maps.cf
- proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
-
-sender_bcc_maps =
- proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf
- proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
-
-recipient_bcc_maps =
- proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf
- proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
+++ /dev/null
-# --------------------
-# INSTALL-TIME CONFIGURATION INFORMATION
-#
-# location of the Postfix queue. Default is /var/spool/postfix.
-queue_directory = /var/spool/postfix
-
-# location of all postXXX commands. Default is /usr/sbin.
-command_directory = /usr/sbin
-
-# location of all Postfix daemon programs (i.e. programs listed in the
-# master.cf file). This directory must be owned by root.
-# Default is /usr/libexec/postfix
-#daemon_directory = /usr/lib/postfix
-
-# location of Postfix-writable data files (caches, random numbers).
-# This directory must be owned by the mail_owner account (see below).
-# Default is /var/lib/postfix.
-data_directory = /var/lib/postfix
-
-# owner of the Postfix queue and of most Postfix daemon processes.
-# Specify the name of a user account THAT DOES NOT SHARE ITS USER OR GROUP ID
-# WITH OTHER ACCOUNTS AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.
-# In particular, don't specify nobody or daemon. PLEASE USE A DEDICATED USER.
-# Default is postfix.
-mail_owner = postfix
-
-# The following parameters are used when installing a new Postfix version.
-#
-# sendmail_path: The full pathname of the Postfix sendmail command.
-# This is the Sendmail-compatible mail posting interface.
-#
-sendmail_path = /usr/sbin/sendmail
-
-# newaliases_path: The full pathname of the Postfix newaliases command.
-# This is the Sendmail-compatible command to build alias databases.
-#
-newaliases_path = /usr/bin/newaliases
-
-# full pathname of the Postfix mailq command. This is the Sendmail-compatible
-# mail queue listing command.
-mailq_path = /usr/bin/mailq
-
-# group for mail submission and queue management commands.
-# This must be a group name with a numerical group ID that is not shared with
-# other accounts, not even with the Postfix account.
-setgid_group = postdrop
-
-# external command that is executed when a Postfix daemon program is run with
-# the -D option.
-#
-# Use "command .. & sleep 5" so that the debugger can attach before
-# the process marches on. If you use an X-based debugger, be sure to
-# set up your XAUTHORITY environment variable before starting Postfix.
-#
-debugger_command =
- PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
- ddd $daemon_directory/$process_name $process_id & sleep 5
-
-debug_peer_level = 2
-
-# --------------------
-# CUSTOM SETTINGS
-#
-
-# SMTP server response code when recipient or domain not found.
-unknown_local_recipient_reject_code = 550
-
-# Do not notify local user.
-biff = no
-
-# Disable the rewriting of "site!user" into "user@site".
-swap_bangpath = no
-
-# Disable the rewriting of the form "user%domain" to "user@domain".
-allow_percent_hack = no
-
-# Allow recipient address start with '-'.
-allow_min_user = no
-
-# Disable the SMTP VRFY command. This stops some techniques used to
-# harvest email addresses.
-disable_vrfy_command = yes
-
-# Enable both IPv4 and/or IPv6: ipv4, ipv6, all.
-inet_protocols = all
-
-# Enable all network interfaces.
-inet_interfaces = all
-
-#
-# TLS settings.
-#
-# SSL key, certificate, CA
-#
-smtpd_tls_key_file = /etc/letsencrypt/live/mail.uhu-banane.net/privkey.pem
-smtpd_tls_cert_file = /etc/letsencrypt/live/mail.uhu-banane.net/fullchain.pem
-smtpd_tls_CAfile = $smtpd_tls_cert_file
-
-#
-# Disable SSLv2, SSLv3
-#
-smtpd_tls_protocols = !SSLv2 !SSLv3
-smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
-smtp_tls_protocols = !SSLv2 !SSLv3
-smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
-lmtp_tls_protocols = !SSLv2 !SSLv3
-lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
-
-#
-# Fix 'The Logjam Attack'.
-#
-smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
-smtpd_tls_dh512_param_file = /etc/ssl/dh512_param.pem
-smtpd_tls_dh1024_param_file = /etc/ssl/dh2048_param.pem
-
-tls_random_source = dev:/dev/urandom
-
-# Log only a summary message on TLS handshake completion — no logging of client
-# certificate trust-chain verification errors if client certificate
-# verification is not required. With Postfix 2.8 and earlier, log the summary
-# message, peer certificate summary information and unconditionally log
-# trust-chain verification errors.
-smtp_tls_loglevel = 1
-smtpd_tls_loglevel = 1
-
-# Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do
-# not require that clients use TLS encryption.
-smtpd_tls_security_level = may
-
-# Produce `Received:` message headers that include information about the
-# protocol and cipher used, as well as the remote SMTP client CommonName and
-# client certificate issuer CommonName.
-# This is disabled by default, as the information may be modified in transit
-# through other mail servers. Only information that was recorded by the final
-# destination can be trusted.
-#smtpd_tls_received_header = yes
-
-# Opportunistic TLS, used when Postfix sends email to remote SMTP server.
-# Use TLS if this is supported by the remote SMTP server, otherwise use
-# plaintext.
-# References:
-# - http://www.postfix.org/TLS_README.html#client_tls_may
-# - http://www.postfix.org/postconf.5.html#smtp_tls_security_level
-smtp_tls_security_level = may
-
-# Use the same CA file as smtpd.
-smtp_tls_CAfile = $smtpd_tls_cert_file
-smtp_tls_note_starttls_offer = yes
-
-# Enable long, non-repeating, queue IDs (queue file names).
-# The benefit of non-repeating names is simpler logfile analysis and easier
-# queue migration (there is no need to run "postsuper" to change queue file
-# names that don't match their message file inode number).
-#enable_long_queue_ids = yes
-
-# Reject unlisted sender and recipient
-smtpd_reject_unlisted_recipient = yes
-smtpd_reject_unlisted_sender = yes
-
-# Header and body checks with PCRE table
-header_checks = pcre:/etc/postfix/header_checks
-body_checks = pcre:/etc/postfix/body_checks.pcre
-
-# HELO restriction
-smtpd_helo_required = yes
-smtpd_helo_restrictions =
- permit_mynetworks
- permit_sasl_authenticated
- reject_non_fqdn_helo_hostname
- reject_invalid_helo_hostname
- check_helo_access pcre:/etc/postfix/helo_access.pcre
-
-# Sender restrictions
-smtpd_sender_restrictions =
- reject_unknown_sender_domain
- reject_non_fqdn_sender
- reject_unlisted_sender
- permit_mynetworks
- permit_sasl_authenticated
- check_sender_access pcre:/etc/postfix/sender_access.pcre
-
-# Recipient restrictions
-smtpd_recipient_restrictions =
- reject_unknown_recipient_domain
- reject_non_fqdn_recipient
- reject_unlisted_recipient
- check_policy_service inet:127.0.0.1:7777
- permit_mynetworks
- permit_sasl_authenticated
- reject_unauth_destination
-
-# Data restrictions
-smtpd_data_restrictions = reject_unauth_pipelining
-
-# END-OF-MESSAGE restrictions
-smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777
-
-proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps
-
-# Avoid duplicate recipient messages. Default is 'yes'.
-enable_original_recipient = no
-
-# Virtual support.
-virtual_minimum_uid = 2000
-virtual_uid_maps = static:2000
-virtual_gid_maps = static:2000
-virtual_mailbox_base = /home/vmail
-
-# Do not set virtual_alias_domains.
-virtual_alias_domains =
-
-#
-# Enable SASL authentication on port 25 and force TLS-encrypted SASL authentication.
-# WARNING: NOT RECOMMENDED to enable smtp auth on port 25, all end users should
-# be forced to submit email through port 587 instead.
-#
-#smtpd_sasl_auth_enable = yes
-#smtpd_tls_auth_only = yes
-#smtpd_sasl_security_options = noanonymous
-
-# hostname
-myhostname = mail.uhu-banane.net
-myorigin = mail.uhu-banane.net
-mydomain = uhu-banane.net
-
-# trusted SMTP clients which are allowed to relay mail through Postfix.
-#
-# Note: additional IP addresses/networks listed in mynetworks should be listed
-# in iRedAPD setting 'MYNETWORKS' too. for example:
-#
-# MYNETWORKS = ['xx.xx.xx.xx', 'xx.xx.xx.0/24', ...]
-#
-mynetworks = 127.0.0.1, 185.48.118.130, 10.12.20.5, [2001:6f8:1db7::5]
-
-# Accepted local emails
-mydestination = $myhostname, sarah.uhu-banane.de, localhost, localhost.localdomain
-
-alias_maps = hash:/etc/postfix/aliases
-alias_database = hash:/etc/postfix/aliases
-
-# Default message_size_limit.
-message_size_limit = 52428800
-
-# The set of characters that can separate a user name from its extension
-# (example: user+foo), or a .forward file name from its extension (example:
-# .forward+foo).
-# Postfix 2.11 and later supports multiple characters.
-recipient_delimiter = +
-
-#
-# Lookup virtual mail accounts
-#
-transport_maps =
- proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf
- proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
-
-sender_dependent_relayhost_maps =
- proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf
-
-# Lookup table with the SASL login names that own the sender (MAIL FROM) addresses.
-smtpd_sender_login_maps =
- proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
-
-virtual_mailbox_domains =
- proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
-
-relay_domains =
- $mydestination
- proxy:mysql:/etc/postfix/mysql/relay_domains.cf
-
-virtual_mailbox_maps =
- proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
-
-virtual_alias_maps =
- proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf
- proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf
- proxy:mysql:/etc/postfix/mysql/catchall_maps.cf
- proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
-
-sender_bcc_maps =
- proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf
- proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
-
-recipient_bcc_maps =
- proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf
- proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
-postscreen_dnsbl_threshold = 2
-postscreen_dnsbl_sites = zen.spamhaus.org*3 b.barracudacentral.org*2
-postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply
-postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
-postscreen_greet_action = enforce
-postscreen_dnsbl_action = enforce
-postscreen_blacklist_action = enforce
-postscreen_dnsbl_whitelist_threshold = -2
-#
-# Dovecot SASL support.
-#
-smtpd_sasl_type = dovecot
-smtpd_sasl_path = private/dovecot-auth
-virtual_transport = dovecot
-dovecot_destination_recipient_limit = 1
-content_filter = smtp-amavis:[127.0.0.1]:10024
-smtp-amavis_destination_recipient_limit = 1
-mailbox_size_limit = 524288000
-smtpd_tls_received_header = yes
-
-# smtpd_milters = inet:localhost:8891
-# non_smtpd_milters = inet:localhost:8891
-
-smtpd_banner = $myhostname ESMTP $mail_name $mail_version
-smtpd_sasl_authenticated_header = yes
-smtp_tls_cert_file = $smtpd_tls_cert_file
-smtp_tls_key_file = $smtpd_tls_key_file
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
-# service type private unpriv chroot wakeup maxproc command + args
-# (yes) (yes) (yes) (never) (100)
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (yes) (never) (100)
# ==========================================================================
-#smtp inet n - - - - smtpd
-smtp inet n - - - 1 postscreen
-smtpd pass - - - - - smtpd
-dnsblog unix - - - - 0 dnsblog
-tlsproxy unix - - - - 0 tlsproxy
-#submission inet n - - - - smtpd
+smtp inet n - - - - smtpd
+#smtp inet n - - - 1 postscreen
+#smtpd pass - - - - - smtpd
+#dnsblog unix - - - - 0 dnsblog
+#tlsproxy unix - - - - 0 tlsproxy
+#submission inet n - - - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
-#smtps inet n - - - - smtpd
+#smtps inet n - - - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
-#628 inet n - - - - qmqpd
-pickup unix n - - 60 1 pickup
- -o content_filter=smtp-amavis:[127.0.0.1]:10026
-cleanup unix n - - - 0 cleanup
-qmgr unix n - n 300 1 qmgr
-#qmgr unix n - n 300 1 oqmgr
-tlsmgr unix - - - 1000? 1 tlsmgr
-rewrite unix - - - - - trivial-rewrite
-bounce unix - - - - 0 bounce
-defer unix - - - - 0 bounce
-trace unix - - - - 0 bounce
-verify unix - - - - 1 verify
-flush unix n - - 1000? 0 flush
-proxymap unix - - n - - proxymap
-proxywrite unix - - n - 1 proxymap
-smtp unix - - - - - smtp
-relay unix - - - - - smtp
+#628 inet n - - - - qmqpd
+pickup unix n - - 60 1 pickup
+cleanup unix n - - - 0 cleanup
+qmgr unix n - n 300 1 qmgr
+#qmgr unix n - n 300 1 oqmgr
+tlsmgr unix - - - 1000? 1 tlsmgr
+rewrite unix - - - - - trivial-rewrite
+bounce unix - - - - 0 bounce
+defer unix - - - - 0 bounce
+trace unix - - - - 0 bounce
+verify unix - - - - 1 verify
+flush unix n - - 1000? 0 flush
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+smtp unix - - - - - smtp
+relay unix - - - - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
-showq unix n - - - - showq
-error unix - - - - - error
-retry unix - - - - - error
-discard unix - - - - - discard
-local unix - n n - - local
-virtual unix - n n - - virtual
-lmtp unix - - - - - lmtp
-anvil unix - - - - 1 anvil
-scache unix - - - - 1 scache
+showq unix n - - - - showq
+error unix - - - - - error
+retry unix - - - - - error
+discard unix - - - - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - - - - lmtp
+anvil unix - - - - 1 anvil
+scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
-maildrop unix - n n - - pipe
+maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
-#cyrus unix - n n - - pipe
+#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
-#old-cyrus unix - n n - - pipe
+#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
-uucp unix - n n - - pipe
+uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
-ifmail unix - n n - - pipe
+ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
-bsmtp unix - n n - - pipe
+bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
-scalemail-backend unix - n n - 2 pipe
+scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
-mailman unix - n n - - pipe
+mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
-# Submission, port 587, force TLS connection.
-submission inet n - n - - smtpd
- -o syslog_name=postfix/submission
- -o smtpd_tls_security_level=encrypt
- -o smtpd_sasl_auth_enable=yes
- -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
- -o content_filter=smtp-amavis:[127.0.0.1]:10026
-
-# Use dovecot's `deliver` program as LDA.
-dovecot unix - n n - - pipe
- flags=DRh user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${domain} -m ${extension}
-
-# Amavisd integration.
-smtp-amavis unix - - n - 2 smtp
- -o smtp_data_done_timeout=1200
- -o smtp_send_xforward_command=yes
- -o disable_dns_lookups=yes
- -o max_use=20
-
-127.0.0.1:10025 inet n - n - - smtpd
- -o content_filter=
- -o mynetworks_style=host
- -o mynetworks=127.0.0.0/8
- -o local_recipient_maps=
- -o relay_recipient_maps=
- -o strict_rfc821_envelopes=yes
- -o smtp_tls_security_level=none
- -o smtpd_tls_security_level=none
- -o smtpd_restriction_classes=
- -o smtpd_delay_reject=no
- -o smtpd_client_restrictions=permit_mynetworks,reject
- -o smtpd_helo_restrictions=
- -o smtpd_sender_restrictions=
- -o smtpd_recipient_restrictions=permit_mynetworks,reject
- -o smtpd_end_of_data_restrictions=
- -o smtpd_error_sleep_time=0
- -o smtpd_soft_error_limit=1001
- -o smtpd_hard_error_limit=1000
- -o smtpd_client_connection_count_limit=0
- -o smtpd_client_connection_rate_limit=0
- -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings,no_milters
-
-# vim: ts=4
+++ /dev/null
-#
-# Postfix master process configuration file. For details on the format
-# of the file, see the master(5) manual page (command: "man 5 master" or
-# on-line: http://www.postfix.org/master.5.html).
-#
-# Do not forget to execute "postfix reload" after editing this file.
-#
-# ==========================================================================
-# service type private unpriv chroot wakeup maxproc command + args
-# (yes) (yes) (yes) (never) (100)
-# ==========================================================================
-smtp inet n - - - - smtpd
-#smtp inet n - - - 1 postscreen
-#smtpd pass - - - - - smtpd
-#dnsblog unix - - - - 0 dnsblog
-#tlsproxy unix - - - - 0 tlsproxy
-#submission inet n - - - - smtpd
-# -o syslog_name=postfix/submission
-# -o smtpd_tls_security_level=encrypt
-# -o smtpd_sasl_auth_enable=yes
-# -o smtpd_reject_unlisted_recipient=no
-# -o smtpd_client_restrictions=$mua_client_restrictions
-# -o smtpd_helo_restrictions=$mua_helo_restrictions
-# -o smtpd_sender_restrictions=$mua_sender_restrictions
-# -o smtpd_recipient_restrictions=
-# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-# -o milter_macro_daemon_name=ORIGINATING
-#smtps inet n - - - - smtpd
-# -o syslog_name=postfix/smtps
-# -o smtpd_tls_wrappermode=yes
-# -o smtpd_sasl_auth_enable=yes
-# -o smtpd_reject_unlisted_recipient=no
-# -o smtpd_client_restrictions=$mua_client_restrictions
-# -o smtpd_helo_restrictions=$mua_helo_restrictions
-# -o smtpd_sender_restrictions=$mua_sender_restrictions
-# -o smtpd_recipient_restrictions=
-# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-# -o milter_macro_daemon_name=ORIGINATING
-#628 inet n - - - - qmqpd
-pickup unix n - - 60 1 pickup
-cleanup unix n - - - 0 cleanup
-qmgr unix n - n 300 1 qmgr
-#qmgr unix n - n 300 1 oqmgr
-tlsmgr unix - - - 1000? 1 tlsmgr
-rewrite unix - - - - - trivial-rewrite
-bounce unix - - - - 0 bounce
-defer unix - - - - 0 bounce
-trace unix - - - - 0 bounce
-verify unix - - - - 1 verify
-flush unix n - - 1000? 0 flush
-proxymap unix - - n - - proxymap
-proxywrite unix - - n - 1 proxymap
-smtp unix - - - - - smtp
-relay unix - - - - - smtp
-# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
-showq unix n - - - - showq
-error unix - - - - - error
-retry unix - - - - - error
-discard unix - - - - - discard
-local unix - n n - - local
-virtual unix - n n - - virtual
-lmtp unix - - - - - lmtp
-anvil unix - - - - 1 anvil
-scache unix - - - - 1 scache
-#
-# ====================================================================
-# Interfaces to non-Postfix software. Be sure to examine the manual
-# pages of the non-Postfix software to find out what options it wants.
-#
-# Many of the following services use the Postfix pipe(8) delivery
-# agent. See the pipe(8) man page for information about ${recipient}
-# and other message envelope options.
-# ====================================================================
-#
-# maildrop. See the Postfix MAILDROP_README file for details.
-# Also specify in main.cf: maildrop_destination_recipient_limit=1
-#
-maildrop unix - n n - - pipe
- flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
-#
-# ====================================================================
-#
-# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
-#
-# Specify in cyrus.conf:
-# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
-#
-# Specify in main.cf one or more of the following:
-# mailbox_transport = lmtp:inet:localhost
-# virtual_transport = lmtp:inet:localhost
-#
-# ====================================================================
-#
-# Cyrus 2.1.5 (Amos Gouaux)
-# Also specify in main.cf: cyrus_destination_recipient_limit=1
-#
-#cyrus unix - n n - - pipe
-# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
-#
-# ====================================================================
-# Old example of delivery via Cyrus.
-#
-#old-cyrus unix - n n - - pipe
-# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
-#
-# ====================================================================
-#
-# See the Postfix UUCP_README file for configuration details.
-#
-uucp unix - n n - - pipe
- flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
-#
-# Other external delivery methods.
-#
-ifmail unix - n n - - pipe
- flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
-bsmtp unix - n n - - pipe
- flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
-scalemail-backend unix - n n - 2 pipe
- flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
-mailman unix - n n - - pipe
- flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
- ${nexthop} ${user}
-
+++ /dev/null
-#
-# Postfix master process configuration file. For details on the format
-# of the file, see the master(5) manual page (command: "man 5 master" or
-# on-line: http://www.postfix.org/master.5.html).
-#
-# Do not forget to execute "postfix reload" after editing this file.
-#
-# ==========================================================================
-# service type private unpriv chroot wakeup maxproc command + args
-# (yes) (yes) (yes) (never) (100)
-# ==========================================================================
-smtp inet n - - - - smtpd
-#smtp inet n - - - 1 postscreen
-#smtpd pass - - - - - smtpd
-#dnsblog unix - - - - 0 dnsblog
-#tlsproxy unix - - - - 0 tlsproxy
-#submission inet n - - - - smtpd
-# -o syslog_name=postfix/submission
-# -o smtpd_tls_security_level=encrypt
-# -o smtpd_sasl_auth_enable=yes
-# -o smtpd_reject_unlisted_recipient=no
-# -o smtpd_client_restrictions=$mua_client_restrictions
-# -o smtpd_helo_restrictions=$mua_helo_restrictions
-# -o smtpd_sender_restrictions=$mua_sender_restrictions
-# -o smtpd_recipient_restrictions=
-# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-# -o milter_macro_daemon_name=ORIGINATING
-#smtps inet n - - - - smtpd
-# -o syslog_name=postfix/smtps
-# -o smtpd_tls_wrappermode=yes
-# -o smtpd_sasl_auth_enable=yes
-# -o smtpd_reject_unlisted_recipient=no
-# -o smtpd_client_restrictions=$mua_client_restrictions
-# -o smtpd_helo_restrictions=$mua_helo_restrictions
-# -o smtpd_sender_restrictions=$mua_sender_restrictions
-# -o smtpd_recipient_restrictions=
-# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-# -o milter_macro_daemon_name=ORIGINATING
-#628 inet n - - - - qmqpd
-pickup unix n - - 60 1 pickup
-cleanup unix n - - - 0 cleanup
-qmgr unix n - n 300 1 qmgr
-#qmgr unix n - n 300 1 oqmgr
-tlsmgr unix - - - 1000? 1 tlsmgr
-rewrite unix - - - - - trivial-rewrite
-bounce unix - - - - 0 bounce
-defer unix - - - - 0 bounce
-trace unix - - - - 0 bounce
-verify unix - - - - 1 verify
-flush unix n - - 1000? 0 flush
-proxymap unix - - n - - proxymap
-proxywrite unix - - n - 1 proxymap
-smtp unix - - - - - smtp
-relay unix - - - - - smtp
-# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
-showq unix n - - - - showq
-error unix - - - - - error
-retry unix - - - - - error
-discard unix - - - - - discard
-local unix - n n - - local
-virtual unix - n n - - virtual
-lmtp unix - - - - - lmtp
-anvil unix - - - - 1 anvil
-scache unix - - - - 1 scache
-#
-# ====================================================================
-# Interfaces to non-Postfix software. Be sure to examine the manual
-# pages of the non-Postfix software to find out what options it wants.
-#
-# Many of the following services use the Postfix pipe(8) delivery
-# agent. See the pipe(8) man page for information about ${recipient}
-# and other message envelope options.
-# ====================================================================
-#
-# maildrop. See the Postfix MAILDROP_README file for details.
-# Also specify in main.cf: maildrop_destination_recipient_limit=1
-#
-maildrop unix - n n - - pipe
- flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
-#
-# ====================================================================
-#
-# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
-#
-# Specify in cyrus.conf:
-# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
-#
-# Specify in main.cf one or more of the following:
-# mailbox_transport = lmtp:inet:localhost
-# virtual_transport = lmtp:inet:localhost
-#
-# ====================================================================
-#
-# Cyrus 2.1.5 (Amos Gouaux)
-# Also specify in main.cf: cyrus_destination_recipient_limit=1
-#
-#cyrus unix - n n - - pipe
-# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
-#
-# ====================================================================
-# Old example of delivery via Cyrus.
-#
-#old-cyrus unix - n n - - pipe
-# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
-#
-# ====================================================================
-#
-# See the Postfix UUCP_README file for configuration details.
-#
-uucp unix - n n - - pipe
- flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
-#
-# Other external delivery methods.
-#
-ifmail unix - n n - - pipe
- flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
-bsmtp unix - n n - - pipe
- flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
-scalemail-backend unix - n n - 2 pipe
- flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
-mailman unix - n n - - pipe
- flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
- ${nexthop} ${user}
-
-# Submission, port 587, force TLS connection.
-submission inet n - n - - smtpd
- -o syslog_name=postfix/submission
- -o smtpd_tls_security_level=encrypt
- -o smtpd_sasl_auth_enable=yes
- -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
- -o content_filter=smtp-amavis:[127.0.0.1]:10026
-
-# Use dovecot's `deliver` program as LDA.
-dovecot unix - n n - - pipe
- flags=DRh user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${domain} -m ${extension}
-
-# Amavisd integration.
-smtp-amavis unix - - n - 2 smtp
- -o smtp_data_done_timeout=1200
- -o smtp_send_xforward_command=yes
- -o disable_dns_lookups=yes
- -o max_use=20
-
-127.0.0.1:10025 inet n - n - - smtpd
- -o content_filter=
- -o mynetworks_style=host
- -o mynetworks=127.0.0.0/8
- -o local_recipient_maps=
- -o relay_recipient_maps=
- -o strict_rfc821_envelopes=yes
- -o smtp_tls_security_level=none
- -o smtpd_tls_security_level=none
- -o smtpd_restriction_classes=
- -o smtpd_delay_reject=no
- -o smtpd_client_restrictions=permit_mynetworks,reject
- -o smtpd_helo_restrictions=
- -o smtpd_sender_restrictions=
- -o smtpd_recipient_restrictions=permit_mynetworks,reject
- -o smtpd_end_of_data_restrictions=
- -o smtpd_error_sleep_time=0
- -o smtpd_soft_error_limit=1001
- -o smtpd_hard_error_limit=1000
- -o smtpd_client_connection_count_limit=0
- -o smtpd_client_connection_rate_limit=0
- -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
--- /dev/null
+#!/bin/bash
+#
+# This is a short script to quickly generate a self-signed X.509 key for
+# Postfix over SSL. Normally this script would get called by an automatic
+# package installation routine.
+
+test -x /usr/bin/openssl || exit 0
+
+prefix="/usr"
+pemfile="/etc/postfix/postfix.pem"
+randfile="/etc/postfix/postfix.rand"
+conffile="/etc/postfix/postfix-cert.cnf"
+
+if [[ -f "${pemfile}" ]]; then
+ echo "${pemfile} already exists."
+ exit 1
+fi
+
+if [[ ! -f "${conffile}" ]] ; then
+ echo "${conffile} does not exists!"
+ exit 2
+fi
+
+cp /dev/null "${pemfile}"
+chmod 600 "${pemfile}"
+chown root "${pemfile}"
+
+cleanup() {
+ rm -f "${pemfile}"
+ rm -f "${randfile}"
+ exit 1
+}
+
+dd if=/dev/urandom of="${randfile}" count=1 2>/dev/null
+/usr/bin/openssl req -new -x509 -days 3650 -nodes \
+ -config "${conffile}" -out "${pemfile}" -keyout "${pemfile}" || cleanup
+/usr/bin/openssl gendh -rand "${randfile}" 512 >> "${pemfile}" || cleanup
+/usr/bin/openssl x509 -subject -dates -fingerprint -noout -in "${pemfile}" || cleanup
+rm -f "${randfile}"
+
+++ /dev/null
-hosts = 127.0.0.1
-# port = 3306
-user = vmail
-password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
-dbname = vmail
-query = SELECT alias.goto FROM alias,domain WHERE alias.address='%d' AND '%u' NOT LIKE '%%+%%' AND alias.address=domain.domain AND alias.active=1 AND domain.active=1 AND domain.backupmx=0
+++ /dev/null
-hosts = 127.0.0.1
-# port = 3306
-user = vmail
-password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
-dbname = vmail
-query = SELECT alias.goto FROM alias,alias_domain,domain WHERE alias_domain.alias_domain='%d' AND alias.address=alias_domain.target_domain AND alias_domain.target_domain=domain.domain AND alias.active=1 AND alias_domain.active=1
+++ /dev/null
-hosts = 127.0.0.1
-# port = 3306
-user = vmail
-password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
-dbname = vmail
-query = SELECT alias.goto FROM alias,alias_domain,domain WHERE alias_domain.alias_domain='%d' AND alias.address=CONCAT('%u', '@', alias_domain.target_domain) AND alias_domain.target_domain=domain.domain AND alias.active=1 AND alias_domain.active=1 AND domain.backupmx=0
+++ /dev/null
-hosts = 127.0.0.1
-# port = 3306
-user = vmail
-password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
-dbname = vmail
-query = SELECT bcc_address FROM recipient_bcc_domain WHERE domain='%d' AND active=1
+++ /dev/null
-hosts = 127.0.0.1
-# port = 3306
-user = vmail
-password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
-dbname = vmail
-query = SELECT recipient_bcc_user.bcc_address FROM recipient_bcc_user,domain WHERE recipient_bcc_user.username='%s' AND recipient_bcc_user.domain='%d' AND recipient_bcc_user.domain=domain.domain AND domain.backupmx=0 AND domain.active=1 AND recipient_bcc_user.active=1
+++ /dev/null
-hosts = 127.0.0.1
-# port = 3306
-user = vmail
-password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
-dbname = vmail
-query = SELECT domain FROM domain WHERE domain='%s' AND backupmx=1 AND active=1
+++ /dev/null
-hosts = 127.0.0.1
-# port = 3306
-user = vmail
-password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
-dbname = vmail
-query = SELECT bcc_address FROM sender_bcc_domain WHERE domain='%d' AND active=1
+++ /dev/null
-hosts = 127.0.0.1
-# port = 3306
-user = vmail
-password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
-dbname = vmail
-query = SELECT sender_bcc_user.bcc_address FROM sender_bcc_user,domain WHERE sender_bcc_user.username='%s' AND sender_bcc_user.domain='%d' AND sender_bcc_user.domain=domain.domain AND domain.backupmx=0 AND domain.active=1 AND sender_bcc_user.active=1
+++ /dev/null
-hosts = 127.0.0.1
-# port = 3306
-user = vmail
-password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
-dbname = vmail
-query = SELECT relayhost FROM sender_relayhost WHERE account='%s' LIMIT 1
+++ /dev/null
-hosts = 127.0.0.1
-# port = 3306
-user = vmail
-password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
-dbname = vmail
-query = SELECT mailbox.username FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.domain='%d' AND mailbox.domain=domain.domain AND mailbox.enablesmtp=1 AND mailbox.active=1 AND domain.backupmx=0 AND domain.active=1
+++ /dev/null
-hosts = 127.0.0.1
-# port = 3306
-user = vmail
-password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
-dbname = vmail
-query = SELECT transport FROM domain WHERE domain='%s' AND active=1
+++ /dev/null
-hosts = 127.0.0.1
-# port = 3306
-user = vmail
-password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
-dbname = vmail
-query = SELECT mailbox.transport FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.domain='%d' AND mailbox.domain=domain.domain AND mailbox.transport<>'' AND mailbox.active=1 AND mailbox.enabledeliver=1 AND domain.backupmx=0 AND domain.active=1
+++ /dev/null
-hosts = 127.0.0.1
-# port = 3306
-user = vmail
-password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
-dbname = vmail
-query = SELECT alias.goto FROM alias,domain WHERE alias.address='%s' AND alias.domain='%d' AND alias.domain=domain.domain AND alias.active=1 AND domain.backupmx=0 AND domain.active=1
+++ /dev/null
-hosts = 127.0.0.1
-# port = 3306
-user = vmail
-password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
-dbname = vmail
-query = SELECT domain FROM domain WHERE domain='%s' AND backupmx=0 AND active=1 UNION SELECT alias_domain.alias_domain FROM alias_domain,domain WHERE alias_domain.alias_domain='%s' AND alias_domain.active=1 AND alias_domain.target_domain=domain.domain AND domain.active=1 AND domain.backupmx=0
+++ /dev/null
-hosts = 127.0.0.1
-# port = 3306
-user = vmail
-password = 511f8COpWlgTgNlxW5N5AIyqZ5LkJG
-dbname = vmail
-query = SELECT CONCAT(mailbox.storagenode, '/', mailbox.maildir, '/Maildir/') FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.active=1 AND mailbox.enabledeliver=1 AND domain.domain = mailbox.domain AND domain.active=1
--- /dev/null
+RANDFILE = /usr/share/postfix.rand
+
+[ req ]
+default_bits = 1024
+encrypt_key = yes
+distinguished_name = req_dn
+x509_extensions = cert_type
+prompt = no
+
+[ req_dn ]
+C=DE
+ST=Berlin
+L=Berlin
+O=Frank Brehm
+OU=Mail Server Postfix SSL key
+CN=ns1.uhu-banane.de
+emailAddress=postmaster@brehm-online.com
+
+
+[ cert_type ]
+nsCertType = server
+
+# vim: filetype=dosini
+++ /dev/null
-$shlib_directory/postfix-mysql.so:f:root:-:755
-$manpage_directory/man5/mysql_table.5.gz:f:root:-:644
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMdEjw58wsRFmrbJ
+JOhMBYHNgSlAY8POog2cqQWv0SPfK6eKMNWST6tnBrI/S6qc8aprOTr2JxDSoG8t
+gxl6CdAKNFi9xGrXowe7aY/Xk72AcsResm72P4RbEpYvfN2lQOXjNwhODZD+wyNy
+IOrj1NnHZ1f0mz+xhiZPJyyVD2QLAgMBAAECgYBC/gCeXUFZnRD7nLokwtIjJoTi
+6nvf64s9ykpk2AwW5EOX6vSqCKtyM4vjxzXYITV6FtxBv1m45Sb82a82lHnReIW5
+4ae927Ef38YEorcNS3oq6IRgGBWM0t5a58Jz5AAE6SePI/LgLgfCegGxTLfHkCKL
+b3lnZkhTvE7APqIhKQJBAObU7gc9vUkQyOSiuh04YvhHCA5IpW3aYQk9/SL+kPu2
+EehUEsJktT1inDdGnv8aolxtU/KFSj1GUvzvl8FmI50CQQDc/ppqeRDzrfA88Xi7
+rGVF9fVswphkFwxVIM8fOwStfmiPmn0KJ56YKlffs0DWzpfDWVenE5cK0oCxCJl+
+PvnHAkEAg45hZoEaaxUE2cGgftzPEx8wiSuAFP68BQ9uQM6DBOI8jIO1+VJ6NNUJ
+oTs/jLa6SCELEhJDQG7fB0bp35B9xQJAVxqG9GZpdxJcuTiX1Kjbddq+9DIy7Ghl
+NPxshqu1aUiEn+1NUX5SNTmjTwmRCdl92cJSGQlQpDRaAu0Xyrm5qwJBAIjBYKpg
+0TaEw6g3rmXh2uUcKX8r0y+PdC5E3jplzTUwym2VV6shfyJ6CihvR6Ob3IGyQyBa
+mThe7HFiFVBwl1w=
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIC+zCCAmSgAwIBAgIJAPgeULySAVERMA0GCSqGSIb3DQEBCwUAMIGzMQswCQYD
+VQQGEwJERTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xFDASBgNV
+BAoMC0ZyYW5rIEJyZWhtMSQwIgYDVQQLDBtNYWlsIFNlcnZlciBQb3N0Zml4IFNT
+TCBrZXkxGjAYBgNVBAMMEW5zMS51aHUtYmFuYW5lLmRlMSowKAYJKoZIhvcNAQkB
+Fhtwb3N0bWFzdGVyQGJyZWhtLW9ubGluZS5jb20wHhcNMTYwMzA3MTc1NTIwWhcN
+MjYwMzA1MTc1NTIwWjCBszELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJlcmxpbjEP
+MA0GA1UEBwwGQmVybGluMRQwEgYDVQQKDAtGcmFuayBCcmVobTEkMCIGA1UECwwb
+TWFpbCBTZXJ2ZXIgUG9zdGZpeCBTU0wga2V5MRowGAYDVQQDDBFuczEudWh1LWJh
+bmFuZS5kZTEqMCgGCSqGSIb3DQEJARYbcG9zdG1hc3RlckBicmVobS1vbmxpbmUu
+Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHRI8OfMLERZq2ySToTAWB
+zYEpQGPDzqINnKkFr9Ej3yunijDVkk+rZwayP0uqnPGqazk69icQ0qBvLYMZegnQ
+CjRYvcRq16MHu2mP15O9gHLEXrJu9j+EWxKWL3zdpUDl4zcITg2Q/sMjciDq49TZ
+x2dX9Js/sYYmTycslQ9kCwIDAQABoxUwEzARBglghkgBhvhCAQEEBAMCBkAwDQYJ
+KoZIhvcNAQELBQADgYEAK+nnUT4gsgjNofap8Z1YGMQ7rRHoWZ7iWk/4tIXLT+z5
+7OrCy+RbIqgV9Wv+I2ohsSew84Npq2T/Hc+tHUaCf5WQ+i/OTXSzIzxqEuf2ZVCG
+qR1uMUJKRQ4GScdqKDdRNdJ5E4mDqTFYUDr5X0HOe3BAv0lL/fbZL2CcC5wgCvg=
+-----END CERTIFICATE-----
+-----BEGIN DH PARAMETERS-----
+MEYCQQCD3bneuI1Rv1gt8IqX8lNfte2Wd+4XoNLHmT9WbMJgpofrT/Nptx+8RHor
+W/A2qUEfE+XjdBdmvzAlNC5drk8DAgEC
+-----END DH PARAMETERS-----
+++ /dev/null
-# Rules are evaluated in the order as specified.
-#1.2.3.4 permit
-#2.3.4.5 reject
-
-# Permit local clients
-127.0.0.0/8 permit
-192.168.254.0/24 permit
-81.169.181.159 permit
+++ /dev/null
-# Secret DNSBL name Name in postscreen(8) replies
+++ /dev/null
-
-apache@teehaus-shila.de OK
--- /dev/null
+# Managed by config management
+# Don't change it manually
+#
+
+mail.brehm-online.com vmail:uhu
+helga-six.brehm-online.com vmail:uhu
+mail.uhu-banane.net vmail@uhu-banane.net:up2UdLCE
+
+
+# vim: syntax=conf ts=8
projects / config / sarah / etc.git / commitdiff