From 4661a79456a5ae0646418b7f2fdea678edcad258 Mon Sep 17 00:00:00 2001 
From: Frank Brehm Date: Sun, 25 Apr 2021 20:24:33 +0200 Subject: [PATCH] saving uncommitted changes in /etc prior to apt run --- .etckeeper | 125 ++- {postfix => postfix.old}/aliases | 0 {postfix => postfix.old}/aliases.db | Bin {postfix => postfix.old}/body_checks.pcre | 0 .../disclaimer/default.txt | 0 postfix.old/dynamicmaps.cf | 7 + {postfix => postfix.old}/header_checks | 0 {postfix => postfix.old}/helo_access.pcre | 0 .../helo_access.pcre.2016.07.20.08.58.54 | 0 postfix.old/main.cf | 314 ++++++ .../main.cf.2016.07.20.08.58.54 | 0 .../main.cf.2016.07.20.09.03.50 | 0 .../main.cf.2021-01-06_22-34-07 | 0 postfix.old/main.cf.proto | 684 +++++++++++++ postfix.old/makedefs.out | 1 + postfix.old/master.cf | 168 ++++ .../master.cf.2016.07.20.08.58.54 | 0 .../master.cf.2016.07.20.09.03.50 | 0 postfix.old/master.cf.proto | 124 +++ .../mysql/catchall_maps.cf | 0 .../mysql/domain_alias_catchall_maps.cf | 0 .../mysql/domain_alias_maps.cf | 0 .../mysql/recipient_bcc_maps_domain.cf | 0 .../mysql/recipient_bcc_maps_user.cf | 0 .../mysql/relay_domains.cf | 0 .../mysql/sender_bcc_maps_domain.cf | 0 .../mysql/sender_bcc_maps_user.cf | 0 .../mysql/sender_dependent_relayhost_maps.cf | 0 .../mysql/sender_login_maps.cf | 0 .../mysql/transport_maps_domain.cf | 0 .../mysql/transport_maps_user.cf | 0 .../mysql/virtual_alias_maps.cf | 0 .../mysql/virtual_mailbox_domains.cf | 0 .../mysql/virtual_mailbox_maps.cf | 0 postfix.old/post-install | 925 ++++++++++++++++++ postfix.old/postfix-files | 223 +++++ .../postfix-files.d/mysql.files | 0 postfix.old/postfix-files.d/pcre.files | 3 + postfix.old/postfix-files.d/sqlite.files | 2 + postfix.old/postfix-script | 478 +++++++++ .../postscreen_access.cidr | 0 .../postscreen_dnsbl_reply | 0 {postfix => postfix.old}/sender_access.pcre | 0 postfix/dynamicmaps.cf | 1 - postfix/main.cf | 367 ++----- postfix/master.cf | 128 +-- postfix/mkpostfixcert | 40 + postfix/postfix-cert.cnf | 23 + postfix/postfix.pem | 38 + postfix/smtp_auth | 10 + 
postfix/smtp_auth.db | Bin 0 -> 12288 bytes 51 files changed, 3226 insertions(+), 435 deletions(-) rename {postfix => postfix.old}/aliases (100%) rename {postfix => postfix.old}/aliases.db (100%) rename {postfix => postfix.old}/body_checks.pcre (100%) rename {postfix => postfix.old}/disclaimer/default.txt (100%) create mode 100644 postfix.old/dynamicmaps.cf rename {postfix => postfix.old}/header_checks (100%) rename {postfix => postfix.old}/helo_access.pcre (100%) rename {postfix => postfix.old}/helo_access.pcre.2016.07.20.08.58.54 (100%) create mode 100644 postfix.old/main.cf rename {postfix => postfix.old}/main.cf.2016.07.20.08.58.54 (100%) rename {postfix => postfix.old}/main.cf.2016.07.20.09.03.50 (100%) rename {postfix => postfix.old}/main.cf.2021-01-06_22-34-07 (100%) create mode 100644 postfix.old/main.cf.proto create mode 120000 postfix.old/makedefs.out create mode 100644 postfix.old/master.cf rename {postfix => postfix.old}/master.cf.2016.07.20.08.58.54 (100%) rename {postfix => postfix.old}/master.cf.2016.07.20.09.03.50 (100%) create mode 100644 postfix.old/master.cf.proto rename {postfix => postfix.old}/mysql/catchall_maps.cf (100%) rename {postfix => postfix.old}/mysql/domain_alias_catchall_maps.cf (100%) rename {postfix => postfix.old}/mysql/domain_alias_maps.cf (100%) rename {postfix => postfix.old}/mysql/recipient_bcc_maps_domain.cf (100%) rename {postfix => postfix.old}/mysql/recipient_bcc_maps_user.cf (100%) rename {postfix => postfix.old}/mysql/relay_domains.cf (100%) rename {postfix => postfix.old}/mysql/sender_bcc_maps_domain.cf (100%) rename {postfix => postfix.old}/mysql/sender_bcc_maps_user.cf (100%) rename {postfix => postfix.old}/mysql/sender_dependent_relayhost_maps.cf (100%) rename {postfix => postfix.old}/mysql/sender_login_maps.cf (100%) rename {postfix => postfix.old}/mysql/transport_maps_domain.cf (100%) rename {postfix => postfix.old}/mysql/transport_maps_user.cf (100%) rename {postfix => postfix.old}/mysql/virtual_alias_maps.cf 
(100%) rename {postfix => postfix.old}/mysql/virtual_mailbox_domains.cf (100%) rename {postfix => postfix.old}/mysql/virtual_mailbox_maps.cf (100%) create mode 100755 postfix.old/post-install create mode 100644 postfix.old/postfix-files rename {postfix => postfix.old}/postfix-files.d/mysql.files (100%) create mode 100644 postfix.old/postfix-files.d/pcre.files create mode 100644 postfix.old/postfix-files.d/sqlite.files create mode 100755 postfix.old/postfix-script rename {postfix => postfix.old}/postscreen_access.cidr (100%) rename {postfix => postfix.old}/postscreen_dnsbl_reply (100%) rename {postfix => postfix.old}/sender_access.pcre (100%) create mode 100755 postfix/mkpostfixcert create mode 100644 postfix/postfix-cert.cnf create mode 100644 postfix/postfix.pem create mode 100644 postfix/smtp_auth create mode 100644 postfix/smtp_auth.db diff --git a/.etckeeper b/.etckeeper index d65585e..bdc2794 100755 --- a/.etckeeper +++ b/.etckeeper @@ -43,6 +43,8 @@ mkdir -p './network/interfaces.d' mkdir -p './opt' mkdir -p './perl/CPAN' mkdir -p './phpmyadmin/conf.d' +mkdir -p './postfix.old/dynamicmaps.cf.d' +mkdir -p './postfix.old/sasl' mkdir -p './postfix/dynamicmaps.cf.d' mkdir -p './postfix/sasl' mkdir -p './salt/proxy.d' 
@@ -1515,71 +1517,90 @@ maybe chmod 0644 'phpmyadmin/lighttpd.conf'
 maybe chmod 0644 'phpmyadmin/phpmyadmin.desktop'
 maybe chmod 0644 'phpmyadmin/phpmyadmin.service'
 maybe chmod 0755 'postfix'
-maybe chmod 0644 'postfix/aliases'
-maybe chmod 0644 'postfix/aliases.db'
-maybe chgrp 'postfix' 'postfix/body_checks.pcre'
-maybe chmod 0640 'postfix/body_checks.pcre'
-maybe chmod 0755 'postfix/disclaimer'
-maybe chmod 0644 'postfix/disclaimer/default.txt'
+maybe chmod 0755 'postfix.old'
+maybe chmod 0644 'postfix.old/aliases'
+maybe chmod 0644 'postfix.old/aliases.db'
+maybe chgrp 'postfix' 'postfix.old/body_checks.pcre'
+maybe chmod 0640 'postfix.old/body_checks.pcre'
+maybe chmod 0755 'postfix.old/disclaimer'
+maybe chmod 0644 'postfix.old/disclaimer/default.txt'
+maybe chmod 0644 'postfix.old/dynamicmaps.cf'
+maybe chmod 0755 'postfix.old/dynamicmaps.cf.d'
+maybe chgrp 'postfix' 'postfix.old/header_checks'
+maybe chmod 0640 'postfix.old/header_checks'
+maybe chgrp 'postfix' 'postfix.old/helo_access.pcre'
+maybe chmod 0640 'postfix.old/helo_access.pcre'
+maybe chmod 0640 'postfix.old/helo_access.pcre.2016.07.20.08.58.54'
+maybe chmod 0644 'postfix.old/main.cf'
+maybe chmod 0644 'postfix.old/main.cf.2016.07.20.08.58.54'
+maybe chmod 0644 'postfix.old/main.cf.2016.07.20.09.03.50'
+maybe chmod 0644 'postfix.old/main.cf.2021-01-06_22-34-07'
+maybe chmod 0644 'postfix.old/main.cf.proto'
+maybe chmod 0644 'postfix.old/master.cf'
+maybe chmod 0644 'postfix.old/master.cf.2016.07.20.08.58.54'
+maybe chmod 0644 'postfix.old/master.cf.2016.07.20.09.03.50'
+maybe chmod 0644 'postfix.old/master.cf.proto'
+maybe chmod 0755 'postfix.old/mysql'
+maybe chgrp 'postfix' 'postfix.old/mysql/catchall_maps.cf'
+maybe chmod 0640 'postfix.old/mysql/catchall_maps.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/domain_alias_catchall_maps.cf'
+maybe chmod 0640 'postfix.old/mysql/domain_alias_catchall_maps.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/domain_alias_maps.cf'
+maybe chmod 0640 'postfix.old/mysql/domain_alias_maps.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/recipient_bcc_maps_domain.cf'
+maybe chmod 0640 'postfix.old/mysql/recipient_bcc_maps_domain.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/recipient_bcc_maps_user.cf'
+maybe chmod 0640 'postfix.old/mysql/recipient_bcc_maps_user.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/relay_domains.cf'
+maybe chmod 0640 'postfix.old/mysql/relay_domains.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/sender_bcc_maps_domain.cf'
+maybe chmod 0640 'postfix.old/mysql/sender_bcc_maps_domain.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/sender_bcc_maps_user.cf'
+maybe chmod 0640 'postfix.old/mysql/sender_bcc_maps_user.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/sender_dependent_relayhost_maps.cf'
+maybe chmod 0640 'postfix.old/mysql/sender_dependent_relayhost_maps.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/sender_login_maps.cf'
+maybe chmod 0640 'postfix.old/mysql/sender_login_maps.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/transport_maps_domain.cf'
+maybe chmod 0640 'postfix.old/mysql/transport_maps_domain.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/transport_maps_user.cf'
+maybe chmod 0640 'postfix.old/mysql/transport_maps_user.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/virtual_alias_maps.cf'
+maybe chmod 0640 'postfix.old/mysql/virtual_alias_maps.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/virtual_mailbox_domains.cf'
+maybe chmod 0640 'postfix.old/mysql/virtual_mailbox_domains.cf'
+maybe chgrp 'postfix' 'postfix.old/mysql/virtual_mailbox_maps.cf'
+maybe chmod 0640 'postfix.old/mysql/virtual_mailbox_maps.cf'
+maybe chmod 0755 'postfix.old/post-install'
+maybe chmod 0644 'postfix.old/postfix-files'
+maybe chmod 0755 'postfix.old/postfix-files.d'
+maybe chmod 0644 'postfix.old/postfix-files.d/mysql.files'
+maybe chmod 0644 'postfix.old/postfix-files.d/pcre.files'
+maybe chmod 0644 'postfix.old/postfix-files.d/sqlite.files'
+maybe chmod 0755 'postfix.old/postfix-script'
+maybe chmod 0644 'postfix.old/postscreen_access.cidr'
+maybe chmod 0644 'postfix.old/postscreen_dnsbl_reply'
+maybe chmod 0755 'postfix.old/sasl'
+maybe chgrp 'postfix' 'postfix.old/sender_access.pcre'
+maybe chmod 0640 'postfix.old/sender_access.pcre'
 maybe chmod 0644 'postfix/dynamicmaps.cf'
 maybe chmod 0755 'postfix/dynamicmaps.cf.d'
-maybe chgrp 'postfix' 'postfix/header_checks'
-maybe chmod 0640 'postfix/header_checks'
-maybe chgrp 'postfix' 'postfix/helo_access.pcre'
-maybe chmod 0640 'postfix/helo_access.pcre'
-maybe chmod 0640 'postfix/helo_access.pcre.2016.07.20.08.58.54'
 maybe chmod 0644 'postfix/main.cf'
-maybe chmod 0644 'postfix/main.cf.2016.07.20.08.58.54'
-maybe chmod 0644 'postfix/main.cf.2016.07.20.09.03.50'
-maybe chmod 0644 'postfix/main.cf.2021-01-06_22-34-07'
 maybe chmod 0644 'postfix/main.cf.proto'
 maybe chmod 0644 'postfix/master.cf'
-maybe chmod 0644 'postfix/master.cf.2016.07.20.08.58.54'
-maybe chmod 0644 'postfix/master.cf.2016.07.20.09.03.50'
 maybe chmod 0644 'postfix/master.cf.proto'
-maybe chmod 0755 'postfix/mysql'
-maybe chgrp 'postfix' 'postfix/mysql/catchall_maps.cf'
-maybe chmod 0640 'postfix/mysql/catchall_maps.cf'
-maybe chgrp 'postfix' 'postfix/mysql/domain_alias_catchall_maps.cf'
-maybe chmod 0640 'postfix/mysql/domain_alias_catchall_maps.cf'
-maybe chgrp 'postfix' 'postfix/mysql/domain_alias_maps.cf'
-maybe chmod 0640 'postfix/mysql/domain_alias_maps.cf'
-maybe chgrp 'postfix' 'postfix/mysql/recipient_bcc_maps_domain.cf'
-maybe chmod 0640 'postfix/mysql/recipient_bcc_maps_domain.cf'
-maybe chgrp 'postfix' 'postfix/mysql/recipient_bcc_maps_user.cf'
-maybe chmod 0640 'postfix/mysql/recipient_bcc_maps_user.cf'
-maybe chgrp 'postfix' 'postfix/mysql/relay_domains.cf'
-maybe chmod 0640 'postfix/mysql/relay_domains.cf'
-maybe chgrp 'postfix' 'postfix/mysql/sender_bcc_maps_domain.cf'
-maybe chmod 0640 'postfix/mysql/sender_bcc_maps_domain.cf'
-maybe chgrp 'postfix' 'postfix/mysql/sender_bcc_maps_user.cf'
-maybe chmod 0640 'postfix/mysql/sender_bcc_maps_user.cf'
-maybe chgrp 'postfix' 'postfix/mysql/sender_dependent_relayhost_maps.cf'
-maybe chmod 0640 'postfix/mysql/sender_dependent_relayhost_maps.cf'
-maybe chgrp 'postfix' 'postfix/mysql/sender_login_maps.cf'
-maybe chmod 0640 'postfix/mysql/sender_login_maps.cf'
-maybe chgrp 'postfix' 'postfix/mysql/transport_maps_domain.cf'
-maybe chmod 0640 'postfix/mysql/transport_maps_domain.cf'
-maybe chgrp 'postfix' 'postfix/mysql/transport_maps_user.cf'
-maybe chmod 0640 'postfix/mysql/transport_maps_user.cf'
-maybe chgrp 'postfix' 'postfix/mysql/virtual_alias_maps.cf'
-maybe chmod 0640 'postfix/mysql/virtual_alias_maps.cf'
-maybe chgrp 'postfix' 'postfix/mysql/virtual_mailbox_domains.cf'
-maybe chmod 0640 'postfix/mysql/virtual_mailbox_domains.cf'
-maybe chgrp 'postfix' 'postfix/mysql/virtual_mailbox_maps.cf'
-maybe chmod 0640 'postfix/mysql/virtual_mailbox_maps.cf'
+maybe chmod 0744 'postfix/mkpostfixcert'
 maybe chmod 0755 'postfix/post-install'
+maybe chmod 0644 'postfix/postfix-cert.cnf'
 maybe chmod 0644 'postfix/postfix-files'
 maybe chmod 0755 'postfix/postfix-files.d'
-maybe chmod 0644 'postfix/postfix-files.d/mysql.files'
 maybe chmod 0644 'postfix/postfix-files.d/pcre.files'
 maybe chmod 0644 'postfix/postfix-files.d/sqlite.files'
 maybe chmod 0755 'postfix/postfix-script'
-maybe chmod 0644 'postfix/postscreen_access.cidr'
-maybe chmod 0644 'postfix/postscreen_dnsbl_reply'
+maybe chmod 0600 'postfix/postfix.pem'
 maybe chmod 0755 'postfix/sasl'
-maybe chgrp 'postfix' 'postfix/sender_access.pcre'
-maybe chmod 0640 'postfix/sender_access.pcre'
+maybe chmod 0600 'postfix/smtp_auth'
+maybe chmod 0600 'postfix/smtp_auth.db'
 maybe chmod 0755 'ppp'
 maybe chmod 0755 'ppp/ip-down.d'
 maybe chmod 0755 'ppp/ip-down.d/bind9'
diff --git a/postfix/aliases b/postfix.old/aliases
similarity index 100%
rename from postfix/aliases
rename to postfix.old/aliases
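Review bot: The new `maybe chmod 0600` entries for `postfix/postfix.pem`, `postfix/smtp_auth` and `postfix/smtp_auth.db` show that what look like a private key and SMTP relay credentials are now tracked in the etckeeper repository, where the 0600 mode protects only the working copy and not the committed objects. Their contents are not part of this hunk, so this is inferred from the names and modes; if it holds, add `postfix/postfix.pem`, `postfix/smtp_auth` and `postfix/smtp_auth.db` to the repository's `.gitignore`, and treat the committed values as exposed to anyone who can read a clone or remote of this repository. The archived `postfix.old/mysql/*.cf` maps keep `chgrp 'postfix'` with mode 0640, which suggests they carry database passwords as well, so the same consideration applies to the archive copy.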
diff --git a/postfix/aliases.db b/postfix.old/aliases.db
similarity index 100%
rename from postfix/aliases.db
rename to postfix.old/aliases.db
diff --git a/postfix/body_checks.pcre b/postfix.old/body_checks.pcre
similarity index 100%
rename from postfix/body_checks.pcre
rename to postfix.old/body_checks.pcre
diff --git a/postfix/disclaimer/default.txt b/postfix.old/disclaimer/default.txt
similarity index 100%
rename from postfix/disclaimer/default.txt
rename to postfix.old/disclaimer/default.txt
diff --git a/postfix.old/dynamicmaps.cf b/postfix.old/dynamicmaps.cf
new file mode 100644
index 0000000..99de784
--- /dev/null
+++ b/postfix.old/dynamicmaps.cf
@@ -0,0 +1,7 @@
+# Postfix dynamic maps configuration file.
+#
+#type location of .so file open function (mkmap func)
+#==== ================================ ============= ============
+pcre postfix-pcre.so dict_pcre_open
+sqlite postfix-sqlite.so dict_sqlite_open
+mysql postfix-mysql.so dict_mysql_open
diff --git a/postfix/header_checks b/postfix.old/header_checks
similarity index 100%
rename from postfix/header_checks
rename to postfix.old/header_checks
diff --git a/postfix/helo_access.pcre b/postfix.old/helo_access.pcre
similarity index 100%
rename from postfix/helo_access.pcre
rename to postfix.old/helo_access.pcre
diff --git a/postfix/helo_access.pcre.2016.07.20.08.58.54 b/postfix.old/helo_access.pcre.2016.07.20.08.58.54
similarity index 100%
rename from postfix/helo_access.pcre.2016.07.20.08.58.54
rename to postfix.old/helo_access.pcre.2016.07.20.08.58.54
diff --git a/postfix.old/main.cf b/postfix.old/main.cf
new file mode 100644
index 0000000..8f34ba2
--- /dev/null
+++ b/postfix.old/main.cf
@@ -0,0 +1,314 @@ +# -------------------- +# INSTALL-TIME CONFIGURATION INFORMATION +# +# location of the Postfix queue. Default is /var/spool/postfix. +queue_directory = /var/spool/postfix + +# location of all postXXX commands. Default is /usr/sbin. +command_directory = /usr/sbin + +# location of all Postfix daemon programs (i.e. programs listed in the +# master.cf file). This directory must be owned by root. +# Default is /usr/libexec/postfix +#daemon_directory = /usr/lib/postfix + +# location of Postfix-writable data files (caches, random numbers). +# This directory must be owned by the mail_owner account (see below). +# Default is /var/lib/postfix. +data_directory = /var/lib/postfix + +# owner of the Postfix queue and of most Postfix daemon processes. +# Specify the name of a user account THAT DOES NOT SHARE ITS USER OR GROUP ID +# WITH OTHER ACCOUNTS AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. +# In particular, don't specify nobody or daemon. PLEASE USE A DEDICATED USER. +# Default is postfix. +mail_owner = postfix + +# The following parameters are used when installing a new Postfix version. +# +# sendmail_path: The full pathname of the Postfix sendmail command. +# This is the Sendmail-compatible mail posting interface. +# +sendmail_path = /usr/sbin/sendmail + +# newaliases_path: The full pathname of the Postfix newaliases command. +# This is the Sendmail-compatible command to build alias databases. +# +newaliases_path = /usr/bin/newaliases + +# full pathname of the Postfix mailq command. This is the Sendmail-compatible +# mail queue listing command. +mailq_path = /usr/bin/mailq + +# group for mail submission and queue management commands. +# This must be a group name with a numerical group ID that is not shared with +# other accounts, not even with the Postfix account. +setgid_group = postdrop + +# external command that is executed when a Postfix daemon program is run with +# the -D option. +# +# Use "command .. 
& sleep 5" so that the debugger can attach before +# the process marches on. If you use an X-based debugger, be sure to +# set up your XAUTHORITY environment variable before starting Postfix. +# +debugger_command = + PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin + ddd $daemon_directory/$process_name $process_id & sleep 5 + +debug_peer_level = 2 + +# -------------------- +# CUSTOM SETTINGS +# + +# SMTP server response code when recipient or domain not found. +unknown_local_recipient_reject_code = 550 + +# Do not notify local user. +biff = no + +# Disable the rewriting of "site!user" into "user@site". +swap_bangpath = no + +# Disable the rewriting of the form "user%domain" to "user@domain". +allow_percent_hack = no + +# Allow recipient address start with '-'. +allow_min_user = no + +# Disable the SMTP VRFY command. This stops some techniques used to +# harvest email addresses. +disable_vrfy_command = yes + +# Enable both IPv4 and/or IPv6: ipv4, ipv6, all. +inet_protocols = all + +# Enable all network interfaces. +inet_interfaces = all + +# +# TLS settings. +# +# SSL key, certificate, CA +# +smtpd_tls_key_file = /etc/letsencrypt/live/mail.uhu-banane.net/privkey.pem +smtpd_tls_cert_file = /etc/letsencrypt/live/mail.uhu-banane.net/fullchain.pem +smtpd_tls_CAfile = $smtpd_tls_cert_file + +# +# Disable SSLv2, SSLv3 +# +smtpd_tls_protocols = !SSLv2 !SSLv3 +smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3 +smtp_tls_protocols = !SSLv2 !SSLv3 +smtp_tls_mandatory_protocols = !SSLv2 !SSLv3 +lmtp_tls_protocols = !SSLv2 !SSLv3 +lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3 + +# +# Fix 'The Logjam Attack'. 
+# +smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA +smtpd_tls_dh512_param_file = /etc/ssl/dh512_param.pem +smtpd_tls_dh1024_param_file = /etc/ssl/dh2048_param.pem + +tls_random_source = dev:/dev/urandom + +# Log only a summary message on TLS handshake completion — no logging of client +# certificate trust-chain verification errors if client certificate +# verification is not required. With Postfix 2.8 and earlier, log the summary +# message, peer certificate summary information and unconditionally log +# trust-chain verification errors. +smtp_tls_loglevel = 1 +smtpd_tls_loglevel = 1 + +# Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do +# not require that clients use TLS encryption. +smtpd_tls_security_level = may + +# Produce `Received:` message headers that include information about the +# protocol and cipher used, as well as the remote SMTP client CommonName and +# client certificate issuer CommonName. +# This is disabled by default, as the information may be modified in transit +# through other mail servers. Only information that was recorded by the final +# destination can be trusted. +#smtpd_tls_received_header = yes + +# Opportunistic TLS, used when Postfix sends email to remote SMTP server. +# Use TLS if this is supported by the remote SMTP server, otherwise use +# plaintext. +# References: +# - http://www.postfix.org/TLS_README.html#client_tls_may +# - http://www.postfix.org/postconf.5.html#smtp_tls_security_level +smtp_tls_security_level = may + +# Use the same CA file as smtpd. +smtp_tls_CAfile = $smtpd_tls_cert_file +smtp_tls_note_starttls_offer = yes + +# Enable long, non-repeating, queue IDs (queue file names). +# The benefit of non-repeating names is simpler logfile analysis and easier +# queue migration (there is no need to run "postsuper" to change queue file +# names that don't match their message file inode number). 
+#enable_long_queue_ids = yes + +# Reject unlisted sender and recipient +smtpd_reject_unlisted_recipient = yes +smtpd_reject_unlisted_sender = yes + +# Header and body checks with PCRE table +header_checks = pcre:/etc/postfix/header_checks +body_checks = pcre:/etc/postfix/body_checks.pcre + +# HELO restriction +smtpd_helo_required = yes +smtpd_helo_restrictions = + permit_mynetworks + permit_sasl_authenticated + reject_non_fqdn_helo_hostname + reject_invalid_helo_hostname + check_helo_access pcre:/etc/postfix/helo_access.pcre + +# Sender restrictions +smtpd_sender_restrictions = + reject_unknown_sender_domain + reject_non_fqdn_sender + reject_unlisted_sender + permit_mynetworks + permit_sasl_authenticated + check_sender_access pcre:/etc/postfix/sender_access.pcre + +# Recipient restrictions +smtpd_recipient_restrictions = + reject_unknown_recipient_domain + reject_non_fqdn_recipient + reject_unlisted_recipient + permit_mynetworks + permit_sasl_authenticated + reject_unauth_destination + + # check_policy_service inet:127.0.0.1:7777 + +# Data restrictions +smtpd_data_restrictions = reject_unauth_pipelining + +# END-OF-MESSAGE restrictions +smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777 + +proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps + +# Avoid duplicate recipient messages. Default is 'yes'. +enable_original_recipient = no + +# Virtual support. +virtual_minimum_uid = 2000 +virtual_uid_maps = static:2000 +virtual_gid_maps = static:2000 +virtual_mailbox_base = /home/vmail + +# Do not set virtual_alias_domains. 
+virtual_alias_domains = + +# +# Enable SASL authentication on port 25 and force TLS-encrypted SASL authentication. +# WARNING: NOT RECOMMENDED to enable smtp auth on port 25, all end users should +# be forced to submit email through port 587 instead. +# +#smtpd_sasl_auth_enable = yes +#smtpd_tls_auth_only = yes +#smtpd_sasl_security_options = noanonymous + +# hostname +myhostname = mail.uhu-banane.net +myorigin = mail.uhu-banane.net +mydomain = uhu-banane.net + +# trusted SMTP clients which are allowed to relay mail through Postfix. +# +# Note: additional IP addresses/networks listed in mynetworks should be listed +# in iRedAPD setting 'MYNETWORKS' too. for example: +# +# MYNETWORKS = ['xx.xx.xx.xx', 'xx.xx.xx.0/24', ...] +# +mynetworks = 127.0.0.1, 185.48.118.130, 10.12.20.5, [2001:6f8:1db7::5] + +# Accepted local emails +mydestination = $myhostname, sarah.uhu-banane.de, localhost, localhost.localdomain + +alias_maps = hash:/etc/postfix/aliases +alias_database = hash:/etc/postfix/aliases + +# Default message_size_limit. +message_size_limit = 52428800 + +# The set of characters that can separate a user name from its extension +# (example: user+foo), or a .forward file name from its extension (example: +# .forward+foo). +# Postfix 2.11 and later supports multiple characters. +recipient_delimiter = + + +# +# Lookup virtual mail accounts +# +transport_maps = + proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf + proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf + +sender_dependent_relayhost_maps = + proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf + +# Lookup table with the SASL login names that own the sender (MAIL FROM) addresses. 
+smtpd_sender_login_maps = + proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf + +virtual_mailbox_domains = + proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf + +relay_domains = + $mydestination + proxy:mysql:/etc/postfix/mysql/relay_domains.cf + +virtual_mailbox_maps = + proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf + +virtual_alias_maps = + proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf + proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf + proxy:mysql:/etc/postfix/mysql/catchall_maps.cf + proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf + +sender_bcc_maps = + proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf + proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf + +recipient_bcc_maps = + proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf + proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf +postscreen_dnsbl_threshold = 2 +postscreen_dnsbl_sites = zen.spamhaus.org*3 b.barracudacentral.org*2 +postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply +postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr +postscreen_greet_action = enforce +postscreen_dnsbl_action = enforce +postscreen_blacklist_action = enforce +postscreen_dnsbl_whitelist_threshold = -2 +# +# Dovecot SASL support. +# +smtpd_sasl_type = dovecot +smtpd_sasl_path = private/dovecot-auth +virtual_transport = dovecot +dovecot_destination_recipient_limit = 1 +content_filter = smtp-amavis:[127.0.0.1]:10024 +smtp-amavis_destination_recipient_limit = 1 +mailbox_size_limit = 524288000 +smtpd_tls_received_header = yes + +# smtpd_milters = inet:localhost:8891 +# non_smtpd_milters = inet:localhost:8891 + +smtpd_banner = $myhostname ESMTP $mail_name $mail_version +smtpd_sasl_authenticated_header = yes +smtp_tls_cert_file = $smtpd_tls_cert_file +smtp_tls_key_file = $smtpd_tls_key_file 
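Review bot: Two entries in `smtpd_tls_exclude_ciphers` look misspelled, `EDH-RSA-DES-CDC3-SHA` (the OpenSSL name is `EDH-RSA-DES-CBC3-SHA`) and `KRB5-DE5`, so those two exclusions most likely match nothing. The protocol settings (`smtpd_tls_protocols = !SSLv2 !SSLv3` and the smtp/lmtp equivalents) still leave TLSv1 and TLSv1.1 enabled; `!SSLv2, !SSLv3, !TLSv1, !TLSv1.1` would limit them to TLS 1.2 and later, at least on the `*_mandatory_protocols` lines where legacy peers matter less. `smtpd_sasl_authenticated_header = yes` near the end writes the SASL login name into the Received header of outgoing mail, which is worth a short comment stating that this disclosure is intended. This file is the archived copy under postfix.old, and the live `postfix/main.cf` is changed in a section not shown here, so the same settings should be checked there.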
diff --git a/postfix/main.cf.2016.07.20.08.58.54 b/postfix.old/main.cf.2016.07.20.08.58.54
similarity index 100%
rename from postfix/main.cf.2016.07.20.08.58.54
rename to postfix.old/main.cf.2016.07.20.08.58.54
diff --git a/postfix/main.cf.2016.07.20.09.03.50 b/postfix.old/main.cf.2016.07.20.09.03.50
similarity index 100%
rename from postfix/main.cf.2016.07.20.09.03.50
rename to postfix.old/main.cf.2016.07.20.09.03.50
diff --git a/postfix/main.cf.2021-01-06_22-34-07 b/postfix.old/main.cf.2021-01-06_22-34-07
similarity index 100%
rename from postfix/main.cf.2021-01-06_22-34-07
rename to postfix.old/main.cf.2021-01-06_22-34-07
diff --git a/postfix.old/main.cf.proto b/postfix.old/main.cf.proto
new file mode 100644
index 0000000..ff6f8d4
--- /dev/null
+++ b/postfix.old/main.cf.proto
@@ -0,0 +1,684 @@ +# Global Postfix configuration file. This file lists only a subset +# of all parameters. For the syntax, and for a complete parameter +# list, see the postconf(5) manual page (command: "man 5 postconf"). +# +# For common configuration examples, see BASIC_CONFIGURATION_README +# and STANDARD_CONFIGURATION_README. To find these documents, use +# the command "postconf html_directory readme_directory", or go to +# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc. +# +# For best results, change no more than 2-3 parameters at a time, +# and test if Postfix still works after every change. + +# COMPATIBILITY +# +# The compatibility_level determines what default settings Postfix +# will use for main.cf and master.cf settings. These defaults will +# change over time. +# +# To avoid breaking things, Postfix will use backwards-compatible +# default settings and log where it uses those old backwards-compatible +# default settings, until the system administrator has determined +# if any backwards-compatible default settings need to be made +# permanent in main.cf or master.cf. +# +# When this review is complete, update the compatibility_level setting +# below as recommended in the RELEASE_NOTES file. +# +# The level below is what should be used with new (not upgrade) installs. +# +compatibility_level = 2 + +# SOFT BOUNCE +# +# The soft_bounce parameter provides a limited safety net for +# testing. When soft_bounce is enabled, mail will remain queued that +# would otherwise bounce. This parameter disables locally-generated +# bounces, and prevents the SMTP server from rejecting mail permanently +# (by changing 5xx replies into 4xx replies). However, soft_bounce +# is no cure for address rewriting mistakes or mail routing mistakes. +# +#soft_bounce = no + +# LOCAL PATHNAME INFORMATION +# +# The queue_directory specifies the location of the Postfix queue. +# This is also the root directory of Postfix daemons that run chrooted. 
+# See the files in examples/chroot-setup for setting up Postfix chroot +# environments on different UNIX systems. +# +#queue_directory = /var/spool/postfix + +# The command_directory parameter specifies the location of all +# postXXX commands. +# +command_directory = /usr/sbin + +# The daemon_directory parameter specifies the location of all Postfix +# daemon programs (i.e. programs listed in the master.cf file). This +# directory must be owned by root. +# +daemon_directory = /usr/lib/postfix/sbin + +# The data_directory parameter specifies the location of Postfix-writable +# data files (caches, random numbers). This directory must be owned +# by the mail_owner account (see below). +# +data_directory = /var/lib/postfix + +# QUEUE AND PROCESS OWNERSHIP +# +# The mail_owner parameter specifies the owner of the Postfix queue +# and of most Postfix daemon processes. Specify the name of a user +# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS +# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In +# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED +# USER. +# +#mail_owner = postfix + +# The default_privs parameter specifies the default rights used by +# the local delivery agent for delivery to external file or command. +# These rights are used in the absence of a recipient user context. +# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER. +# +#default_privs = nobody + +# INTERNET HOST AND DOMAIN NAMES +# +# The myhostname parameter specifies the internet hostname of this +# mail system. The default is to use the fully-qualified domain name +# from gethostname(). $myhostname is used as a default value for many +# other configuration parameters. +# +#myhostname = host.domain.tld +#myhostname = virtual.domain.tld + +# The mydomain parameter specifies the local internet domain name. +# The default is to use $myhostname minus the first component. 
+# $mydomain is used as a default value for many other configuration +# parameters. +# +#mydomain = domain.tld + +# SENDING MAIL +# +# The myorigin parameter specifies the domain that locally-posted +# mail appears to come from. The default is to append $myhostname, +# which is fine for small sites. If you run a domain with multiple +# machines, you should (1) change this to $mydomain and (2) set up +# a domain-wide alias database that aliases each user to +# user@that.users.mailhost. +# +# For the sake of consistency between sender and recipient addresses, +# myorigin also specifies the default domain name that is appended +# to recipient addresses that have no @domain part. +# +# Debian GNU/Linux specific: Specifying a file name will cause the +# first line of that file to be used as the name. The Debian default +# is /etc/mailname. +# +#myorigin = /etc/mailname +#myorigin = $myhostname +#myorigin = $mydomain + +# RECEIVING MAIL + +# The inet_interfaces parameter specifies the network interface +# addresses that this mail system receives mail on. By default, +# the software claims all active interfaces on the machine. The +# parameter also controls delivery of mail to user@[ip.address]. +# +# See also the proxy_interfaces parameter, for network addresses that +# are forwarded to us via a proxy or network address translator. +# +# Note: you need to stop/start Postfix when this parameter changes. +# +#inet_interfaces = all +#inet_interfaces = $myhostname +#inet_interfaces = $myhostname, localhost + +# The proxy_interfaces parameter specifies the network interface +# addresses that this mail system receives mail on by way of a +# proxy or network address translation unit. This setting extends +# the address list specified with the inet_interfaces parameter. +# +# You must specify your proxy/NAT addresses when your system is a +# backup MX host for other domains, otherwise mail delivery loops +# will happen when the primary MX host is down. 
+# +#proxy_interfaces = +#proxy_interfaces = 1.2.3.4 + +# The mydestination parameter specifies the list of domains that this +# machine considers itself the final destination for. +# +# These domains are routed to the delivery agent specified with the +# local_transport parameter setting. By default, that is the UNIX +# compatible delivery agent that lookups all recipients in /etc/passwd +# and /etc/aliases or their equivalent. +# +# The default is $myhostname + localhost.$mydomain + localhost. On +# a mail domain gateway, you should also include $mydomain. +# +# Do not specify the names of virtual domains - those domains are +# specified elsewhere (see VIRTUAL_README). +# +# Do not specify the names of domains that this machine is backup MX +# host for. Specify those names via the relay_domains settings for +# the SMTP server, or use permit_mx_backup if you are lazy (see +# STANDARD_CONFIGURATION_README). +# +# The local machine is always the final destination for mail addressed +# to user@[the.net.work.address] of an interface that the mail system +# receives mail on (see the inet_interfaces parameter). +# +# Specify a list of host or domain names, /file/name or type:table +# patterns, separated by commas and/or whitespace. A /file/name +# pattern is replaced by its contents; a type:table is matched when +# a name matches a lookup key (the right-hand side is ignored). +# Continue long lines by starting the next line with whitespace. +# +# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS". 
+# +#mydestination = $myhostname, localhost.$mydomain, localhost +#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain +#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, +# mail.$mydomain, www.$mydomain, ftp.$mydomain + +# REJECTING MAIL FOR UNKNOWN LOCAL USERS +# +# The local_recipient_maps parameter specifies optional lookup tables +# with all names or addresses of users that are local with respect +# to $mydestination, $inet_interfaces or $proxy_interfaces. +# +# If this parameter is defined, then the SMTP server will reject +# mail for unknown local users. This parameter is defined by default. +# +# To turn off local recipient checking in the SMTP server, specify +# local_recipient_maps = (i.e. empty). +# +# The default setting assumes that you use the default Postfix local +# delivery agent for local delivery. You need to update the +# local_recipient_maps setting if: +# +# - You define $mydestination domain recipients in files other than +# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files. +# For example, you define $mydestination domain recipients in +# the $virtual_mailbox_maps files. +# +# - You redefine the local delivery agent in master.cf. +# +# - You redefine the "local_transport" setting in main.cf. +# +# - You use the "luser_relay", "mailbox_transport", or "fallback_transport" +# feature of the Postfix local delivery agent (see local(8)). +# +# Details are described in the LOCAL_RECIPIENT_README file. +# +# Beware: if the Postfix SMTP server runs chrooted, you probably have +# to access the passwd file via the proxymap service, in order to +# overcome chroot restrictions. The alternative, having a copy of +# the system passwd file in the chroot jail is just not practical. +# +# The right-hand side of the lookup tables is conveniently ignored. +# In the left-hand side, specify a bare username, an @domain.tld +# wild-card, or specify a user@domain.tld address. 
+# +#local_recipient_maps = unix:passwd.byname $alias_maps +#local_recipient_maps = proxy:unix:passwd.byname $alias_maps +#local_recipient_maps = + +# The unknown_local_recipient_reject_code specifies the SMTP server +# response code when a recipient domain matches $mydestination or +# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty +# and the recipient address or address local-part is not found. +# +# The default setting is 550 (reject mail) but it is safer to start +# with 450 (try again later) until you are certain that your +# local_recipient_maps settings are OK. +# +unknown_local_recipient_reject_code = 550 + +# TRUST AND RELAY CONTROL + +# The mynetworks parameter specifies the list of "trusted" SMTP +# clients that have more privileges than "strangers". +# +# In particular, "trusted" SMTP clients are allowed to relay mail +# through Postfix. See the smtpd_recipient_restrictions parameter +# in postconf(5). +# +# You can specify the list of "trusted" network addresses by hand +# or you can let Postfix do it for you (which is the default). +# +# By default (mynetworks_style = subnet), Postfix "trusts" SMTP +# clients in the same IP subnetworks as the local machine. +# On Linux, this does works correctly only with interfaces specified +# with the "ifconfig" command. +# +# Specify "mynetworks_style = class" when Postfix should "trust" SMTP +# clients in the same IP class A/B/C networks as the local machine. +# Don't do this with a dialup site - it would cause Postfix to "trust" +# your entire provider's network. Instead, specify an explicit +# mynetworks list by hand, as described below. +# +# Specify "mynetworks_style = host" when Postfix should "trust" +# only the local machine. +# +#mynetworks_style = class +#mynetworks_style = subnet +#mynetworks_style = host + +# Alternatively, you can specify the mynetworks list by hand, in +# which case Postfix ignores the mynetworks_style setting. 
+# +# Specify an explicit list of network/netmask patterns, where the +# mask specifies the number of bits in the network part of a host +# address. +# +# You can also specify the absolute pathname of a pattern file instead +# of listing the patterns here. Specify type:table for table-based lookups +# (the value on the table right-hand side is not used). +# +#mynetworks = 168.100.189.0/28, 127.0.0.0/8 +#mynetworks = $config_directory/mynetworks +#mynetworks = hash:/etc/postfix/network_table +mynetworks = 127.0.0.0/8 + +# The relay_domains parameter restricts what destinations this system will +# relay mail to. See the smtpd_recipient_restrictions description in +# postconf(5) for detailed information. +# +# By default, Postfix relays mail +# - from "trusted" clients (IP address matches $mynetworks) to any destination, +# - from "untrusted" clients to destinations that match $relay_domains or +# subdomains thereof, except addresses with sender-specified routing. +# The default relay_domains value is $mydestination. +# +# In addition to the above, the Postfix SMTP server by default accepts mail +# that Postfix is final destination for: +# - destinations that match $inet_interfaces or $proxy_interfaces, +# - destinations that match $mydestination +# - destinations that match $virtual_alias_domains, +# - destinations that match $virtual_mailbox_domains. +# These destinations do not need to be listed in $relay_domains. +# +# Specify a list of hosts or domains, /file/name patterns or type:name +# lookup tables, separated by commas and/or whitespace. Continue +# long lines by starting the next line with whitespace. A file name +# is replaced by its contents; a type:name table is matched when a +# (parent) domain appears as lookup key. +# +# NOTE: Postfix will not automatically forward mail for domains that +# list this system as their primary or backup MX host. See the +# permit_mx_backup restriction description in postconf(5). 
+# +#relay_domains = $mydestination + +# INTERNET OR INTRANET + +# The relayhost parameter specifies the default host to send mail to +# when no entry is matched in the optional transport(5) table. When +# no relayhost is given, mail is routed directly to the destination. +# +# On an intranet, specify the organizational domain name. If your +# internal DNS uses no MX records, specify the name of the intranet +# gateway host instead. +# +# In the case of SMTP, specify a domain, host, host:port, [host]:port, +# [address] or [address]:port; the form [host] turns off MX lookups. +# +# If you're connected via UUCP, see also the default_transport parameter. +# +#relayhost = $mydomain +#relayhost = [gateway.my.domain] +#relayhost = [mailserver.isp.tld] +#relayhost = uucphost +#relayhost = [an.ip.add.ress] + +# REJECTING UNKNOWN RELAY USERS +# +# The relay_recipient_maps parameter specifies optional lookup tables +# with all addresses in the domains that match $relay_domains. +# +# If this parameter is defined, then the SMTP server will reject +# mail for unknown relay users. This feature is off by default. +# +# The right-hand side of the lookup tables is conveniently ignored. +# In the left-hand side, specify an @domain.tld wild-card, or specify +# a user@domain.tld address. +# +#relay_recipient_maps = hash:/etc/postfix/relay_recipients + +# INPUT RATE CONTROL +# +# The in_flow_delay configuration parameter implements mail input +# flow control. This feature is turned on by default, although it +# still needs further development (it's disabled on SCO UNIX due +# to an SCO bug). +# +# A Postfix process will pause for $in_flow_delay seconds before +# accepting a new message, when the message arrival rate exceeds the +# message delivery rate. With the default 100 SMTP server process +# limit, this limits the mail inflow to 100 messages a second more +# than the number of messages delivered per second. +# +# Specify 0 to disable the feature. Valid delays are 0..10. 
+# +#in_flow_delay = 1s + +# ADDRESS REWRITING +# +# The ADDRESS_REWRITING_README document gives information about +# address masquerading or other forms of address rewriting including +# username->Firstname.Lastname mapping. + +# ADDRESS REDIRECTION (VIRTUAL DOMAIN) +# +# The VIRTUAL_README document gives information about the many forms +# of domain hosting that Postfix supports. + +# "USER HAS MOVED" BOUNCE MESSAGES +# +# See the discussion in the ADDRESS_REWRITING_README document. + +# TRANSPORT MAP +# +# See the discussion in the ADDRESS_REWRITING_README document. + +# ALIAS DATABASE +# +# The alias_maps parameter specifies the list of alias databases used +# by the local delivery agent. The default list is system dependent. +# +# On systems with NIS, the default is to search the local alias +# database, then the NIS alias database. See aliases(5) for syntax +# details. +# +# If you change the alias database, run "postalias /etc/aliases" (or +# wherever your system stores the mail alias file), or simply run +# "newaliases" to build the necessary DBM or DB file. +# +# It will take a minute or so before changes become visible. Use +# "postfix reload" to eliminate the delay. +# +#alias_maps = dbm:/etc/aliases +#alias_maps = hash:/etc/aliases +#alias_maps = hash:/etc/aliases, nis:mail.aliases +#alias_maps = netinfo:/aliases + +# The alias_database parameter specifies the alias database(s) that +# are built with "newaliases" or "sendmail -bi". This is a separate +# configuration parameter, because alias_maps (see above) may specify +# tables that are not necessarily all under control by Postfix. +# +#alias_database = dbm:/etc/aliases +#alias_database = dbm:/etc/mail/aliases +#alias_database = hash:/etc/aliases +#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases + +# ADDRESS EXTENSIONS (e.g., user+foo) +# +# The recipient_delimiter parameter specifies the separator between +# user names and address extensions (user+foo). 
See canonical(5), +# local(8), relocated(5) and virtual(5) for the effects this has on +# aliases, canonical, virtual, relocated and .forward file lookups. +# Basically, the software tries user+foo and .forward+foo before +# trying user and .forward. +# +#recipient_delimiter = + + +# DELIVERY TO MAILBOX +# +# The home_mailbox parameter specifies the optional pathname of a +# mailbox file relative to a user's home directory. The default +# mailbox file is /var/spool/mail/user or /var/mail/user. Specify +# "Maildir/" for qmail-style delivery (the / is required). +# +#home_mailbox = Mailbox +#home_mailbox = Maildir/ + +# The mail_spool_directory parameter specifies the directory where +# UNIX-style mailboxes are kept. The default setting depends on the +# system type. +# +#mail_spool_directory = /var/mail +#mail_spool_directory = /var/spool/mail + +# The mailbox_command parameter specifies the optional external +# command to use instead of mailbox delivery. The command is run as +# the recipient with proper HOME, SHELL and LOGNAME environment settings. +# Exception: delivery for root is done as $default_user. +# +# Other environment variables of interest: USER (recipient username), +# EXTENSION (address extension), DOMAIN (domain part of address), +# and LOCAL (the address localpart). +# +# Unlike other Postfix configuration parameters, the mailbox_command +# parameter is not subjected to $parameter substitutions. This is to +# make it easier to specify shell syntax (see example below). +# +# Avoid shell meta characters because they will force Postfix to run +# an expensive shell process. Procmail alone is expensive enough. +# +# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN +# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER. +# +#mailbox_command = /usr/bin/procmail +#mailbox_command = /usr/bin/procmail -a "$EXTENSION" + +# The mailbox_transport specifies the optional transport in master.cf +# to use after processing aliases and .forward files. 
This parameter +# has precedence over the mailbox_command, fallback_transport and +# luser_relay parameters. +# +# Specify a string of the form transport:nexthop, where transport is +# the name of a mail delivery transport defined in master.cf. The +# :nexthop part is optional. For more details see the sample transport +# configuration file. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must update the "local_recipient_maps" setting in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd" +# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf. +#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp +# +# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and +# subsequent line in master.cf. +#mailbox_transport = cyrus + +# The fallback_transport specifies the optional transport in master.cf +# to use for recipients that are not found in the UNIX passwd database. +# This parameter has precedence over the luser_relay parameter. +# +# Specify a string of the form transport:nexthop, where transport is +# the name of a mail delivery transport defined in master.cf. The +# :nexthop part is optional. For more details see the sample transport +# configuration file. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must update the "local_recipient_maps" setting in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +#fallback_transport = lmtp:unix:/file/name +#fallback_transport = cyrus +#fallback_transport = + +# The luser_relay parameter specifies an optional destination address +# for unknown recipients. By default, mail for unknown@$mydestination, +# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned +# as undeliverable. 
+# +# The following expansions are done on luser_relay: $user (recipient +# username), $shell (recipient shell), $home (recipient home directory), +# $recipient (full recipient address), $extension (recipient address +# extension), $domain (recipient domain), $local (entire recipient +# localpart), $recipient_delimiter. Specify ${name?value} or +# ${name:value} to expand value only when $name does (does not) exist. +# +# luser_relay works only for the default Postfix local delivery agent. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must specify "local_recipient_maps =" (i.e. empty) in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +#luser_relay = $user@other.host +#luser_relay = $local@other.host +#luser_relay = admin+$local + +# JUNK MAIL CONTROLS +# +# The controls listed here are only a very small subset. The file +# SMTPD_ACCESS_README provides an overview. + +# The header_checks parameter specifies an optional table with patterns +# that each logical message header is matched against, including +# headers that span multiple physical lines. +# +# By default, these patterns also apply to MIME headers and to the +# headers of attached messages. With older Postfix versions, MIME and +# attached message headers were treated as body text. +# +# For details, see "man header_checks". +# +#header_checks = regexp:/etc/postfix/header_checks + +# FAST ETRN SERVICE +# +# Postfix maintains per-destination logfiles with information about +# deferred mail, so that mail can be flushed quickly with the SMTP +# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld". +# See the ETRN_README document for a detailed description. +# +# The fast_flush_domains parameter controls what destinations are +# eligible for this service. By default, they are all domains that +# this server is willing to relay mail to. 
+# +#fast_flush_domains = $relay_domains + +# SHOW SOFTWARE VERSION OR NOT +# +# The smtpd_banner parameter specifies the text that follows the 220 +# code in the SMTP server's greeting banner. Some people like to see +# the mail version advertised. By default, Postfix shows no version. +# +# You MUST specify $myhostname at the start of the text. That is an +# RFC requirement. Postfix itself does not care. +# +#smtpd_banner = $myhostname ESMTP $mail_name +#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) +smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) + + +# PARALLEL DELIVERY TO THE SAME DESTINATION +# +# How many parallel deliveries to the same user or domain? With local +# delivery, it does not make sense to do massively parallel delivery +# to the same user, because mailbox updates must happen sequentially, +# and expensive pipelines in .forward files can cause disasters when +# too many are run at the same time. With SMTP deliveries, 10 +# simultaneous connections to the same domain could be sufficient to +# raise eyebrows. +# +# Each message delivery transport has its XXX_destination_concurrency_limit +# parameter. The default is $default_destination_concurrency_limit for +# most delivery transports. For the local delivery agent the default is 2. + +#local_destination_concurrency_limit = 2 +#default_destination_concurrency_limit = 20 + +# DEBUGGING CONTROL +# +# The debug_peer_level parameter specifies the increment in verbose +# logging level when an SMTP client or server host name or address +# matches a pattern in the debug_peer_list parameter. +# +#debug_peer_level = 2 + +# The debug_peer_list parameter specifies an optional list of domain +# or network patterns, /file/name patterns or type:name tables. When +# an SMTP client or server host name or address matches a pattern, +# increase the verbose logging level by the amount specified in the +# debug_peer_level parameter. 
+# +#debug_peer_list = 127.0.0.1 +#debug_peer_list = some.domain + +# The debugger_command specifies the external command that is executed +# when a Postfix daemon program is run with the -D option. +# +# Use "command .. & sleep 5" so that the debugger can attach before +# the process marches on. If you use an X-based debugger, be sure to +# set up your XAUTHORITY environment variable before starting Postfix. +# +debugger_command = + PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin + ddd $daemon_directory/$process_name $process_id & sleep 5 + +# If you can't use X, use this to capture the call stack when a +# daemon crashes. The result is in a file in the configuration +# directory, and is named after the process name and the process ID. +# +# debugger_command = +# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; +# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1 +# >$config_directory/$process_name.$process_id.log & sleep 5 +# +# Another possibility is to run gdb under a detached screen session. +# To attach to the screen sesssion, su root and run "screen -r +# " where uniquely matches one of the detached +# sessions (from "screen -list"). +# +# debugger_command = +# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen +# -dmS $process_name gdb $daemon_directory/$process_name +# $process_id & sleep 1 + +# INSTALL-TIME CONFIGURATION INFORMATION +# +# The following parameters are used when installing a new Postfix version. +# +# sendmail_path: The full pathname of the Postfix sendmail command. +# This is the Sendmail-compatible mail posting interface. +# +sendmail_path = + +# newaliases_path: The full pathname of the Postfix newaliases command. +# This is the Sendmail-compatible command to build alias databases. +# +newaliases_path = + +# mailq_path: The full pathname of the Postfix mailq command. This +# is the Sendmail-compatible mail queue listing command. 
+# +mailq_path = + +# setgid_group: The group for mail submission and queue management +# commands. This must be a group name with a numerical group ID that +# is not shared with other accounts, not even with the Postfix account. +# +setgid_group = + +# html_directory: The location of the Postfix HTML documentation. +# +html_directory = + +# manpage_directory: The location of the Postfix on-line manual pages. +# +manpage_directory = + +# sample_directory: The location of the Postfix sample configuration files. +# This parameter is obsolete as of Postfix 2.1. +# +sample_directory = + +# readme_directory: The location of the Postfix README files. +# +readme_directory = +inet_protocols = ipv4 diff --git a/postfix.old/makedefs.out b/postfix.old/makedefs.out new file mode 120000 index 0000000..c8ae63e --- /dev/null +++ b/postfix.old/makedefs.out @@ -0,0 +1 @@ +/usr/share/postfix/makedefs.out \ No newline at end of file diff --git a/postfix.old/master.cf b/postfix.old/master.cf new file mode 100644 index 0000000..6b0256c --- /dev/null +++ b/postfix.old/master.cf 
@@ -0,0 +1,168 @@
+#
+# Postfix master process configuration file. For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (yes) (never) (100)
+# ==========================================================================
+#smtp inet n - - - - smtpd
+smtp inet n - - - 1 postscreen
+smtpd pass - - - - - smtpd
+dnsblog unix - - - - 0 dnsblog
+tlsproxy unix - - - - 0 tlsproxy
+#submission inet n - - - - smtpd
+# -o syslog_name=postfix/submission
+# -o smtpd_tls_security_level=encrypt
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_reject_unlisted_recipient=no
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+#smtps inet n - - - - smtpd
+# -o syslog_name=postfix/smtps
+# -o smtpd_tls_wrappermode=yes
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_reject_unlisted_recipient=no
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+#628 inet n - - - - qmqpd
+pickup unix n - - 60 1 pickup
+ -o content_filter=smtp-amavis:[127.0.0.1]:10026
+cleanup unix n - - - 0 cleanup
+qmgr unix n - n 300 1 qmgr
+#qmgr unix n - n 300 1 oqmgr
+tlsmgr unix - - - 1000?
1 tlsmgr
+rewrite unix - - - - - trivial-rewrite
+bounce unix - - - - 0 bounce
+defer unix - - - - 0 bounce
+trace unix - - - - 0 bounce
+verify unix - - - - 1 verify
+flush unix n - - 1000? 0 flush
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+smtp unix - - - - - smtp
+relay unix - - - - - smtp
+# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq unix n - - - - showq
+error unix - - - - - error
+retry unix - - - - - error
+discard unix - - - - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - - - - lmtp
+anvil unix - - - - 1 anvil
+scache unix - - - - 1 scache
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent. See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop unix - n n - - pipe
+ flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+#
+# ====================================================================
+#
+# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
+#
+# Specify in cyrus.conf:
+# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
+#
+# Specify in main.cf one or more of the following:
+# mailbox_transport = lmtp:inet:localhost
+# virtual_transport = lmtp:inet:localhost
+#
+# ====================================================================
+#
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+#
+#cyrus unix - n n - - pipe
+# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# ====================================================================
+# Old example of delivery via Cyrus.
+#
+#old-cyrus unix - n n - - pipe
+# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
+#
+# ====================================================================
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp unix - n n - - pipe
+ flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail unix - n n - - pipe
+ flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp unix - n n - - pipe
+ flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix - n n - 2 pipe
+ flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman unix - n n - - pipe
+ flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+ ${nexthop} ${user}
+
+# Submission, port 587, force TLS connection.
+submission inet n - n - - smtpd
+ -o syslog_name=postfix/submission
+ -o smtpd_tls_security_level=encrypt
+ -o smtpd_sasl_auth_enable=yes
+ -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
+ -o content_filter=smtp-amavis:[127.0.0.1]:10026
+
+# Use dovecot's `deliver` program as LDA.
+dovecot unix - n n - - pipe
+ flags=DRh user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${domain} -m ${extension}
+
+# Amavisd integration.
+smtp-amavis unix - - n - 2 smtp
+ -o smtp_data_done_timeout=1200
+ -o smtp_send_xforward_command=yes
+ -o disable_dns_lookups=yes
+ -o max_use=20
+
+127.0.0.1:10025 inet n - n - - smtpd
+ -o content_filter=
+ -o mynetworks_style=host
+ -o mynetworks=127.0.0.0/8
+ -o local_recipient_maps=
+ -o relay_recipient_maps=
+ -o strict_rfc821_envelopes=yes
+ -o smtp_tls_security_level=none
+ -o smtpd_tls_security_level=none
+ -o smtpd_restriction_classes=
+ -o smtpd_delay_reject=no
+ -o smtpd_client_restrictions=permit_mynetworks,reject
+ -o smtpd_helo_restrictions=
+ -o smtpd_sender_restrictions=
+ -o smtpd_recipient_restrictions=permit_mynetworks,reject
+ -o smtpd_end_of_data_restrictions=
+ -o smtpd_error_sleep_time=0
+ -o smtpd_soft_error_limit=1001
+ -o smtpd_hard_error_limit=1000
+ -o smtpd_client_connection_count_limit=0
+ -o smtpd_client_connection_rate_limit=0
+ -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings,no_milters
+
+# vim: ts=4
diff --git a/postfix/master.cf.2016.07.20.08.58.54 b/postfix.old/master.cf.2016.07.20.08.58.54
similarity index 100%
rename from postfix/master.cf.2016.07.20.08.58.54
rename to postfix.old/master.cf.2016.07.20.08.58.54
diff --git a/postfix/master.cf.2016.07.20.09.03.50 b/postfix.old/master.cf.2016.07.20.09.03.50
similarity index 100%
rename from postfix/master.cf.2016.07.20.09.03.50
rename to postfix.old/master.cf.2016.07.20.09.03.50
diff --git a/postfix.old/master.cf.proto b/postfix.old/master.cf.proto
new file mode 100644
index 0000000..ff58b4d
--- /dev/null
+++ b/postfix.old/master.cf.proto
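Review bot: The active `submission` entry near the end of this master.cf hunk admits unauthenticated clients, because `smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject` passes anything in `$mynetworks` before SASL is considered. It also leaves `smtpd_relay_restrictions` and `smtpd_recipient_restrictions` inherited from main.cf, whose effective values are not visible in this hunk, so the relay policy on port 587 is not pinned here. The commented upstream template earlier in the same file shows the stricter form; I would change the client line to `-o smtpd_client_restrictions=permit_sasl_authenticated,reject` and add `-o smtpd_relay_restrictions=permit_sasl_authenticated,reject`. If some local sender depends on the `permit_mynetworks` path, a short comment on the entry naming it would make that exception deliberate.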
@@ -0,0 +1,124 @@
+#
+# Postfix master process configuration file. For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (no) (never) (100)
+# ==========================================================================
+smtp inet n - y - - smtpd
+#smtp inet n - y - 1 postscreen
+#smtpd pass - - y - - smtpd
+#dnsblog unix - - y - 0 dnsblog
+#tlsproxy unix - - y - 0 tlsproxy
+#submission inet n - y - - smtpd
+# -o syslog_name=postfix/submission
+# -o smtpd_tls_security_level=encrypt
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_reject_unlisted_recipient=no
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+#smtps inet n - y - - smtpd
+# -o syslog_name=postfix/smtps
+# -o smtpd_tls_wrappermode=yes
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_reject_unlisted_recipient=no
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+#628 inet n - y - - qmqpd
+pickup unix n - y 60 1 pickup
+cleanup unix n - y - 0 cleanup
+qmgr unix n - n 300 1 qmgr
+#qmgr unix n - n 300 1 oqmgr
+tlsmgr unix - - y 1000? 1 tlsmgr
+rewrite unix - - y - - trivial-rewrite
+bounce unix - - y - 0 bounce
+defer unix - - y - 0 bounce
+trace unix - - y - 0 bounce
+verify unix - - y - 1 verify
+flush unix n - y 1000? 0 flush
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+smtp unix - - y - - smtp
+relay unix - - y - - smtp
+# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq unix n - y - - showq
+error unix - - y - - error
+retry unix - - y - - error
+discard unix - - y - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - y - - lmtp
+anvil unix - - y - 1 anvil
+scache unix - - y - 1 scache
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent. See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop unix - n n - - pipe
+ flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+#
+# ====================================================================
+#
+# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
+#
+# Specify in cyrus.conf:
+# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
+#
+# Specify in main.cf one or more of the following:
+# mailbox_transport = lmtp:inet:localhost
+# virtual_transport = lmtp:inet:localhost
+#
+# ====================================================================
+#
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+#
+#cyrus unix - n n - - pipe
+# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# ====================================================================
+# Old example of delivery via Cyrus.
+#
+#old-cyrus unix - n n - - pipe
+# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
+#
+# ====================================================================
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp unix - n n - - pipe
+ flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail unix - n n - - pipe
+ flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp unix - n n - - pipe
+ flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix - n n - 2 pipe
+ flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman unix - n n - - pipe
+ flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+ ${nexthop} ${user}
+
diff --git a/postfix/mysql/catchall_maps.cf b/postfix.old/mysql/catchall_maps.cf
similarity index 100%
rename from postfix/mysql/catchall_maps.cf
rename to postfix.old/mysql/catchall_maps.cf
diff --git a/postfix/mysql/domain_alias_catchall_maps.cf b/postfix.old/mysql/domain_alias_catchall_maps.cf
similarity index 100%
rename from postfix/mysql/domain_alias_catchall_maps.cf
rename to postfix.old/mysql/domain_alias_catchall_maps.cf
diff --git a/postfix/mysql/domain_alias_maps.cf b/postfix.old/mysql/domain_alias_maps.cf
similarity index 100%
rename from postfix/mysql/domain_alias_maps.cf
rename to postfix.old/mysql/domain_alias_maps.cf
diff --git a/postfix/mysql/recipient_bcc_maps_domain.cf b/postfix.old/mysql/recipient_bcc_maps_domain.cf
similarity index 100%
rename from postfix/mysql/recipient_bcc_maps_domain.cf
rename to postfix.old/mysql/recipient_bcc_maps_domain.cf
diff --git a/postfix/mysql/recipient_bcc_maps_user.cf b/postfix.old/mysql/recipient_bcc_maps_user.cf
similarity index 100%
rename from postfix/mysql/recipient_bcc_maps_user.cf
rename to postfix.old/mysql/recipient_bcc_maps_user.cf
diff --git a/postfix/mysql/relay_domains.cf b/postfix.old/mysql/relay_domains.cf
similarity index 100%
rename from postfix/mysql/relay_domains.cf
rename to postfix.old/mysql/relay_domains.cf
diff --git a/postfix/mysql/sender_bcc_maps_domain.cf b/postfix.old/mysql/sender_bcc_maps_domain.cf
similarity index 100%
rename from postfix/mysql/sender_bcc_maps_domain.cf
rename to postfix.old/mysql/sender_bcc_maps_domain.cf
diff --git a/postfix/mysql/sender_bcc_maps_user.cf b/postfix.old/mysql/sender_bcc_maps_user.cf
similarity index 100%
rename from postfix/mysql/sender_bcc_maps_user.cf
rename to postfix.old/mysql/sender_bcc_maps_user.cf
diff --git a/postfix/mysql/sender_dependent_relayhost_maps.cf b/postfix.old/mysql/sender_dependent_relayhost_maps.cf
similarity index 100%
rename from postfix/mysql/sender_dependent_relayhost_maps.cf
rename to postfix.old/mysql/sender_dependent_relayhost_maps.cf
diff --git a/postfix/mysql/sender_login_maps.cf b/postfix.old/mysql/sender_login_maps.cf
similarity index 100%
rename from postfix/mysql/sender_login_maps.cf
rename to postfix.old/mysql/sender_login_maps.cf
diff --git a/postfix/mysql/transport_maps_domain.cf b/postfix.old/mysql/transport_maps_domain.cf
similarity index 100%
rename from postfix/mysql/transport_maps_domain.cf
rename to postfix.old/mysql/transport_maps_domain.cf
diff --git a/postfix/mysql/transport_maps_user.cf b/postfix.old/mysql/transport_maps_user.cf
similarity index 100%
rename from postfix/mysql/transport_maps_user.cf
rename to postfix.old/mysql/transport_maps_user.cf
diff --git a/postfix/mysql/virtual_alias_maps.cf b/postfix.old/mysql/virtual_alias_maps.cf
similarity index 100%
rename from postfix/mysql/virtual_alias_maps.cf
rename to postfix.old/mysql/virtual_alias_maps.cf
diff --git a/postfix/mysql/virtual_mailbox_domains.cf b/postfix.old/mysql/virtual_mailbox_domains.cf
similarity index 100%
rename from postfix/mysql/virtual_mailbox_domains.cf
rename to postfix.old/mysql/virtual_mailbox_domains.cf
diff --git a/postfix/mysql/virtual_mailbox_maps.cf b/postfix.old/mysql/virtual_mailbox_maps.cf
similarity index 100%
rename from postfix/mysql/virtual_mailbox_maps.cf
rename to postfix.old/mysql/virtual_mailbox_maps.cf
diff --git a/postfix.old/post-install b/postfix.old/post-install
new file mode 100755
index 0000000..975266b
--- /dev/null
+++ b/postfix.old/post-install
@@ -0,0 +1,925 @@
+#!/bin/sh
+
+# To view the formatted manual page of this file, type:
+# POSTFIXSOURCE/mantools/srctoman - post-install | nroff -man
+
+#++
+# NAME
+# post-install
+# SUMMARY
+# Postfix post-installation script
+# SYNOPSIS
+# postfix post-install [name=value] command ...
+# DESCRIPTION
+# The post-install script performs the finishing touch of a Postfix
+# installation, after the executable programs and configuration
+# files are installed. Usage is one of the following:
+# .IP o
+# While installing Postfix from source code on the local machine, the
+# script is run by the postfix-install script to update selected file
+# or directory permissions and to update Postfix configuration files.
+# .IP o
+# While installing Postfix from a pre-built package, the script is run
+# by the package management procedure to set all file or directory
+# permissions and to update Postfix configuration files.
+# .IP o
+# The script can be used to change installation parameter settings such
+# as mail_owner or setgid_group after Postfix is already installed.
+# .IP o
+# The script can be used to upgrade configuration files and to upgrade
+# file/directory permissions of a secondary Postfix instance.
+# .IP o
+# At Postfix start-up time, the script is run from "postfix check" to
+# create missing queue directories.
+# .PP
+# The post-install script is controlled by installation parameters.
+# Specific parameters are described at the end of this document.
+# All installation parameters must be specified ahead of time via
+# one of the methods described below.
+#
+# Arguments
+# .IP create-missing
+# Create missing queue directories with ownerships and permissions
+# according to the contents of $meta_directory/postfix-files
+# and optionally in $meta_directory/postfix-files.d/*, using
+# the mail_owner and setgid_group parameter settings from the
+# command line, process environment or from the installed
+# main.cf file.
+#
+# This is required at Postfix start-up time.
+# .IP set-permissions
+# Set all file/directory ownerships and permissions according to the
+# contents of $meta_directory/postfix-files and optionally
+# in $meta_directory/postfix-files.d/*, using the mail_owner
+# and setgid_group parameter settings from the command line,
+# process environment or from the installed main.cf file.
+# Implies create-missing.
+#
+# This is required when installing Postfix from a pre-built package,
+# or when changing the mail_owner or setgid_group installation parameter
+# settings after Postfix is already installed.
+# .IP upgrade-permissions
+# Update ownership and permission of existing files/directories as
+# specified in $meta_directory/postfix-files and optionally
+# in $meta_directory/postfix-files.d/*, using the mail_owner
+# and setgid_group parameter settings from the command line,
+# process environment or from the installed main.cf file.
+# Implies create-missing.
+#
+# This is required when upgrading an existing Postfix instance.
+# .IP upgrade-configuration
+# Edit the installed main.cf and master.cf files, in order to account
+# for missing services and to fix deprecated parameter settings.
+#
+# This is required when upgrading an existing Postfix instance.
+# .IP upgrade-source
+# Short-hand for: upgrade-permissions upgrade-configuration.
+#
+# This is recommended when upgrading Postfix from source code.
+# .IP upgrade-package
+# Short-hand for: set-permissions upgrade-configuration.
+#
+# This is recommended when upgrading Postfix from a pre-built package.
+# .IP first-install-reminder
+# Remind the user that they still need to configure main.cf and the
+# aliases file, and that newaliases still needs to be run.
+#
+# This is recommended when Postfix is installed for the first time.
+# MULTIPLE POSTFIX INSTANCES
+# .ad
+# .fi
+# Multiple Postfix instances on the same machine can share command and
+# daemon program files but must have separate configuration and queue
+# directories.
+#
+# To create a secondary Postfix installation on the same machine,
+# copy the configuration files from the primary Postfix instance to
+# a secondary configuration directory and execute:
+#
+# postfix post-install config_directory=secondary-config-directory \e
+# .in +4
+# queue_directory=secondary-queue-directory \e
+# .br
+# create-missing
+# .PP
+# This creates secondary Postfix queue directories, sets their access
+# permissions, and saves the specified installation parameters to the
+# secondary main.cf file.
+#
+# Be sure to list the secondary configuration directory in the
+# alternate_config_directories parameter in the primary main.cf file.
+#
+# To upgrade a secondary Postfix installation on the same machine,
+# execute:
+#
+# postfix post-install config_directory=secondary-config-directory \e
+# .in +4
+# upgrade-permissions upgrade-configuration
+# INSTALLATION PARAMETER INPUT METHODS
+# .ad
+# .fi
+# Parameter settings can be specified through a variety of
+# mechanisms. In order of decreasing precedence these are:
+# .IP "command line"
+# Parameter settings can be given as name=value arguments on
+# the post-install command line. These have the highest precedence.
+# Settings that override the installed main.cf file are saved.
+# .IP "process environment"
+# Parameter settings can be given as name=value environment
+# variables.
+# Settings that override the installed main.cf file are saved.
+# .IP "installed configuration files"
+# If a parameter is not specified via the command line or via the
+# process environment, post-install will attempt to extract its
+# value from the already installed Postfix main.cf configuration file.
+# These settings have the lowest precedence.
+# INSTALLATION PARAMETER DESCRIPTION
+# .ad
+# .fi
+# The description of installation parameters is as follows:
+# .IP config_directory
+# The directory for Postfix configuration files.
+# .IP daemon_directory
+# The directory for Postfix daemon programs. This directory
+# should not be in the command search path of any users.
+# .IP command_directory
+# The directory for Postfix administrative commands. This
+# directory should be in the command search path of adminstrative users.
+# .IP queue_directory
+# The directory for Postfix queues.
+# .IP data_directory
+# The directory for Postfix writable data files (caches, etc.).
+# .IP sendmail_path
+# The full pathname for the Postfix sendmail command.
+# This is the Sendmail-compatible mail posting interface.
+# .IP newaliases_path
+# The full pathname for the Postfix newaliases command.
+# This is the Sendmail-compatible command to build alias databases
+# for the Postfix local delivery agent.
+# .IP mailq_path
+# The full pathname for the Postfix mailq command.
+# This is the Sendmail-compatible command to list the mail queue.
+# .IP mail_owner
+# The owner of the Postfix queue. Its numerical user ID and group ID
+# must not be used by any other accounts on the system.
+# .IP setgid_group
+# The group for mail submission and for queue management commands.
+# Its numerical group ID must not be used by any other accounts on the
+# system, not even by the mail_owner account.
+# .IP html_directory
+# The directory for the Postfix HTML files.
+# .IP manpage_directory
+# The directory for the Postfix on-line manual pages.
+# .IP sample_directory
+# The directory for the Postfix sample configuration files.
+# This feature is obsolete as of Postfix 2.1.
+# .IP readme_directory
+# The directory for the Postfix README files.
+# .IP shlib_directory
+# The directory for the Postfix shared-library files, and for
+# the Postfix dabatase plugin files with a relative pathname
+# in the file dynamicmaps.cf.
+# .IP meta_directory +# The directory for non-executable files that are shared +# among multiple Postfix instances, such as postfix-files, +# dynamicmaps.cf, as well as the multi-instance template files +# main.cf.proto and master.cf.proto. +# SEE ALSO +# postfix-install(1) Postfix primary installation script. +# FILES +# $config_directory/main.cf, Postfix installation parameters. +# $meta_directory/postfix-files, installation control file. +# $meta_directory/postfix-files.d/*, optional control files. +# $config_directory/install.cf, obsolete configuration file. +# LICENSE +# .ad +# .fi +# The Secure Mailer license must be distributed with this software. +# AUTHOR(S) +# Wietse Venema +# IBM T.J. Watson Research +# P.O. Box 704 +# Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA +#-- + +umask 022 + +PATH=/bin:/usr/bin:/usr/sbin:/usr/etc:/sbin:/etc:/usr/contrib/bin:/usr/gnu/bin:/usr/ucb:/usr/bsd +SHELL=/bin/sh +IFS=" +" +BACKUP_IFS="$IFS" +debug=: +#debug=echo +MOST_PARAMETERS="command_directory daemon_directory data_directory + html_directory mail_owner mailq_path manpage_directory + newaliases_path queue_directory readme_directory sample_directory + sendmail_path setgid_group shlib_directory meta_directory" +NON_SHARED="config_directory queue_directory data_directory" + +USAGE="Usage: $0 [name=value] command + create-missing Create missing queue directories. + upgrade-source When installing or upgrading from source code. + upgrade-package When installing or upgrading from pre-built package. + first-install-reminder Remind of mandatory first-time configuration steps. + name=value Specify an installation parameter". + +# Process command-line options and parameter settings. Work around +# brain damaged shells. "IFS=value command" should not make the +# IFS=value setting permanent. But some broken standard allows it. 
+ +create=; set_perms=; upgrade_perms=; upgrade_conf=; first_install_reminder= +obsolete=; keep_list=; + +for arg +do + case $arg in + *[" "]*) echo $0: "Error: argument contains whitespace: '$arg'" + exit 1;; + *=*) IFS= eval $arg; IFS="$BACKUP_IFS";; + create-missing) create=1;; + set-perm*) create=1; set_perms=1;; + upgrade-perm*) create=1; upgrade_perms=1;; + upgrade-conf*) upgrade_conf=1;; + upgrade-source) create=1; upgrade_conf=1; upgrade_perms=1;; + upgrade-package) create=1; upgrade_conf=1; set_perms=1;; + first-install*) first_install_reminder=1;; + *) echo "$0: Error: $USAGE" 1>&2; exit 1;; + esac + shift +done + +# Sanity checks. + +test -n "$create$upgrade_conf$first_install_reminder" || { + echo "$0: Error: $USAGE" 1>&2 + exit 1 +} + +# Bootstrapping problem. + +if [ -n "$command_directory" ] +then + POSTCONF="$command_directory/postconf" +else + POSTCONF="postconf" +fi + +$POSTCONF -d mail_version >/dev/null 2>/dev/null || { + echo $0: Error: no $POSTCONF command found. 1>&2 + echo Re-run this command as $0 command_directory=/some/where. 1>&2 + exit 1 +} + +# Also used to require license etc. files only in the default instance. + +def_config_directory=`$POSTCONF -d -h config_directory` || exit 1 +test -n "$config_directory" || + config_directory="$def_config_directory" + +test -d "$config_directory" || { + echo $0: Error: $config_directory is not a directory. 1>&2 + exit 1 +} + +# If this is a secondary instance, don't touch shared files. +# XXX Solaris does not have "test -e". + +instances=`test ! -f $def_config_directory/main.cf || + $POSTCONF -c $def_config_directory -h multi_instance_directories | + sed 's/,/ /'` || exit 1 + +update_shared_files=1 +for name in $instances +do + case "$name" in + "$def_config_directory") ;; + "$config_directory") update_shared_files=; break;; + esac +done + +test -f $meta_directory/postfix-files || { + echo $0: Error: $meta_directory/postfix-files is not a file. 
1>&2 + exit 1 +} + +# SunOS5 fmt(1) truncates lines > 1000 characters. + +fake_fmt() { + sed ' + :top + /^\( *\)\([^ ][^ ]*\) */{ + s//\1\2\ +\1/ + P + D + b top + } + ' | fmt +} + +case `uname -s` in +HP-UX*) FMT=cat;; +SunOS*) FMT=fake_fmt;; + *) FMT=fmt;; +esac + +# If a parameter is not set via the command line or environment, +# try to use settings from installed configuration files. + +# Extract parameter settings from the obsolete install.cf file, as +# a transitional aid. + +grep setgid_group $config_directory/main.cf >/dev/null 2>&1 || { + test -f $config_directory/install.cf && { + for name in sendmail_path newaliases_path mailq_path setgid manpages + do + eval junk=\$$name + case "$junk" in + "") eval unset $name;; + esac + eval : \${$name="\`. $config_directory/install.cf; echo \$$name\`"} \ + || exit 1 + done + : ${setgid_group=$setgid} + : ${manpage_directory=$manpages} + } +} + +# Extract parameter settings from the installed main.cf file. + +test -f $config_directory/main.cf && { + for name in $MOST_PARAMETERS + do + eval junk=\$$name + case "$junk" in + "") eval unset $name;; + esac + eval : \${$name=\`$POSTCONF -c $config_directory -h $name\`} || exit 1 + done +} + +# Sanity checks + +case $manpage_directory in + no) echo $0: Error: manpage_directory no longer accepts \"no\" values. 1>&2 + echo Try again with \"$0 manpage_directory=/pathname ...\". 1>&2; exit 1;; +esac + +case $setgid_group in + no) echo $0: Error: setgid_group no longer accepts \"no\" values. 1>&2 + echo Try again with \"$0 setgid_group=groupname ...\" 1>&2; exit 1;; +esac + +for path in "$daemon_directory" "$command_directory" "$queue_directory" \ + "$sendmail_path" "$newaliases_path" "$mailq_path" "$manpage_directory" \ + "$meta_directory" +do + case "$path" in + /*) ;; + *) echo $0: Error: \"$path\" should be an absolute path name. 
1>&2; exit 1;; + esac +done + +for path in "$html_directory" "$readme_directory" "$shlib_directory" +do + case "$path" in + /*) ;; + no) ;; + *) echo $0: Error: \"$path\" should be \"no\" or an absolute path name. 1>&2; exit 1;; + esac +done + +# Find out what parameters were not specified via command line, +# via environment, or via installed configuration files. + +missing= +for name in $MOST_PARAMETERS +do + eval test -n \"\$$name\" || missing="$missing $name" +done + +# All parameters must be specified at this point. + +test -n "$non_interactive" -a -n "$missing" && { + cat <&2 +$0: Error: some required installation parameters are not defined. + +- Either the parameters need to be given in the $config_directory/main.cf +file from a recent Postfix installation, + +- Or the parameters need to be specified through the process +environment. + +- Or the parameters need to be specified as name=value arguments +on the $0 command line, + +The following parameters were missing: + + $missing + +EOF + exit 1 +} + +POSTCONF="$command_directory/postconf" + +# Save settings, allowing command line/environment override. + +# Undo MAIL_VERSION expansion at the end of a parameter value. If +# someone really wants the expanded mail version in main.cf, then +# we're sorry. + +# Confine side effects from mail_version unexpansion within a subshell. + +(case "$mail_version" in +"") mail_version="`$POSTCONF -dhx mail_version`" || exit 1 +esac + +for name in $MOST_PARAMETERS +do + eval junk=\$$name + case "$junk" in + *"$mail_version"*) + case "$pattern" in + "") pattern=`echo "$mail_version" | sed 's/\./\\\\./g'` || exit 1 + esac + val=`echo "$junk" | sed "s/$pattern"'$/${mail_version}/g'` || exit 1 + eval ${name}='"$val"' + esac +done + +# XXX Maybe update main.cf only with first install, upgrade, set +# permissions, and what else? Should there be a warning otherwise? 
+ +override= +for name in $MOST_PARAMETERS +do + eval junk=\"\$$name\" + test "$junk" = "`$POSTCONF -c $config_directory -h $name`" || { + override=1 + break + } +done + +test -n "$override" && { + $POSTCONF -c $config_directory -e \ + "daemon_directory = $daemon_directory" \ + "command_directory = $command_directory" \ + "queue_directory = $queue_directory" \ + "data_directory = $data_directory" \ + "mail_owner = $mail_owner" \ + "setgid_group = $setgid_group" \ + "sendmail_path = $sendmail_path" \ + "mailq_path = $mailq_path" \ + "newaliases_path = $newaliases_path" \ + "html_directory = $html_directory" \ + "manpage_directory = $manpage_directory" \ + "sample_directory = $sample_directory" \ + "readme_directory = $readme_directory" \ + "shlib_directory = $shlib_directory" \ + "meta_directory = $meta_directory" \ + || exit 1 +} || exit 0) || exit 1 + +# Use file/directory status information in $meta_directory/postfix-files. + +test -n "$create" && { + postfix_files_d=$meta_directory/postfix-files.d + for postfix_file in $meta_directory/postfix-files \ + `test -d $postfix_files_d && { find $postfix_files_d -type f | sort; }` + do + exec <$postfix_file || exit 1 + while IFS=: read path type owner group mode flags junk + do + IFS="$BACKUP_IFS" + set_permission= + # Skip comments. Skip shared files, if updating a secondary instance. + case $path in + [$]*) case "$update_shared_files" in + 1) $debug keep non-shared or shared $path;; + *) non_shared= + for name in $NON_SHARED + do + case $path in + "\$$name"*) non_shared=1; break;; + esac + done + case "$non_shared" in + 1) $debug keep non-shared $path;; + *) $debug skip shared $path; continue;; + esac;; + esac;; + *) continue;; + esac + # Skip hard links and symbolic links. + case $type in + [hl]) continue;; + [df]) ;; + *) echo unknown type $type for $path in $postfix_file 1>&2; exit 1;; + esac + # Expand $name, and canonicalize null fields. 
+ for name in path owner group flags + do + eval junk=\${$name} + case $junk in + [$]*) eval $name=$junk;; + -) eval $name=;; + *) ;; + esac + done + # Skip uninstalled files. + case $path in + no|no/*) continue;; + esac + # Pick up the flags. + case $flags in *u*) upgrade_flag=1;; *) upgrade_flag=;; esac + case $flags in *c*) create_flag=1;; *) create_flag=;; esac + case $flags in *r*) recursive="-R";; *) recursive=;; esac + case $flags in *o*) obsolete_flag=1;; *) obsolete_flag=;; esac + case $flags in *[1i]*) test ! -r "$path" -a "$config_directory" != \ + "$def_config_directory" && continue;; esac + # Flag obsolete objects. XXX Solaris 2..9 does not have "test -e". + if [ -n "$obsolete_flag" ] + then + test -r $path -a "$type" != "d" && obsolete="$obsolete $path" + continue; + else + keep_list="$keep_list $path" + fi + # Create missing directories with proper owner/group/mode settings. + if [ -n "$create" -a "$type" = "d" -a -n "$create_flag" -a ! -d "$path" ] + then + mkdir $path || exit 1 + set_permission=1 + # Update all owner/group/mode settings. + elif [ -n "$set_perms" ] + then + set_permission=1 + # Update obsolete owner/group/mode settings. + elif [ -n "$upgrade_perms" -a -n "$upgrade_flag" ] + then + set_permission=1 + fi + test -n "$set_permission" && { + chown $recursive $owner $path || exit 1 + test -z "$group" || chgrp $recursive $group $path || exit 1 + # Don't "chmod -R"; queue file status is encoded in mode bits. + if [ "$type" = "d" -a -n "$recursive" ] + then + find $path -type d -exec chmod $mode "{}" ";" + else + chmod $mode $path + fi || exit 1 + } + done + IFS="$BACKUP_IFS" + done +} + +# Upgrade existing Postfix configuration files if necessary. + +test -n "$upgrade_conf" && { + + # Postfix 2.0. + # Add missing relay service to master.cf. 
+ + grep '^relay' $config_directory/master.cf >/dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for relay service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for flush service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for trace service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for verify service + cat >>$config_directory/master.cf </dev/null && { + echo Editing $config_directory/master.cf, setting verify process limit to 1 + ed $config_directory/master.cf </dev/null && { + echo Editing $config_directory/master.cf, making the pickup service unprivileged + ed $config_directory/master.cf </dev/null && { + echo Editing $config_directory/master.cf, making the $name service public + ed $config_directory/master.cf </dev/null) || missing="$missing defer" + (echo "$found" | grep deferred>/dev/null)|| missing="$missing deferred" + test -n "$missing" && { + echo fixing main.cf hash_queue_names for missing $missing + $POSTCONF -c $config_directory -e hash_queue_names="$found$missing" || + exit 1 + } + + # Turn on safety nets for new features that could bounce mail that + # would be accepted by a previous Postfix version. + + # [The "unknown_local_recipient_reject_code = 450" safety net, + # introduced with Postfix 2.0 and deleted after Postfix 2.3.] + + # Postfix 2.0. + # Add missing proxymap service to master.cf. 
+ + grep '^proxymap.*proxymap' $config_directory/master.cf >/dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for proxymap service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for anvil service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for scache service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for discard service + cat >>$config_directory/master.cf <unix service. + + grep "^tlsmgr[ ]*fifo[ ]" \ + $config_directory/master.cf >/dev/null && { + echo Editing $config_directory/master.cf, updating the tlsmgr from fifo to unix service + ed $config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for tlsmgr service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for retry service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for proxywrite service + cat >>$config_directory/master.cf </dev/null && { + echo Editing $config_directory/master.cf, setting proxywrite process limit to 1 + ed $config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for postscreen TCP service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for smtpd unix-domain service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for dnsblog unix-domain service + cat >>$config_directory/master.cf </dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for tlsproxy unix-domain service + cat >>$config_directory/master.cf </dev/null || { + echo Editing 
$config_directory/master.cf, adding missing entry for postlog unix-domain datagram service + cat >>$config_directory/master.cf <&2 + echo Do not run directly. 1>&2 + exit 1 +esac + +LOGGER="$command_directory/postlog -t $MAIL_LOGTAG/postfix-script" +INFO="$LOGGER -p info" +WARN="$LOGGER -p warn" +ERROR="$LOGGER -p error" +FATAL="$LOGGER -p fatal" +PANIC="$LOGGER -p panic" + +if [ "X${1#quiet-}" != "X${1}" ]; then + INFO=: + x=${1#quiet-} + shift + set -- $x "$@" +fi + +umask 022 +SHELL=/bin/sh + +# +# Can't do much without these in place. +# +cd $command_directory || { + $FATAL no Postfix command directory $command_directory! + exit 1 +} +cd $daemon_directory || { + $FATAL no Postfix daemon directory $daemon_directory! + exit 1 +} +test -f master || { + $FATAL no Postfix master program $daemon_directory/master! + exit 1 +} +cd $config_directory || { + $FATAL no Postfix configuration directory $config_directory! + exit 1 +} +case $shlib_directory in +no) ;; + *) cd $shlib_directory || { + $FATAL no Postfix shared-library directory $shlib_directory! + exit 1 + } +esac +cd $meta_directory || { + $FATAL no Postfix meta directory $meta_directory! + exit 1 +} +cd $queue_directory || { + $FATAL no Postfix queue directory $queue_directory! + exit 1 +} +def_config_directory=`$command_directory/postconf -dh config_directory` || { + $FATAL cannot execute $command_directory/postconf! + exit 1 +} + +# If this is a secondary instance, don't touch shared files. + +instances=`test ! -f $def_config_directory/main.cf || + $command_directory/postconf -c $def_config_directory \ + -h multi_instance_directories | sed 's/,/ /'` || { + $FATAL cannot execute $command_directory/postconf! 
+ exit 1 +} + +check_shared_files=1 +for name in $instances +do + case "$name" in + "$def_config_directory") ;; + "$config_directory") check_shared_files=; break;; + esac +done + +# +# Parse JCL +# +case $1 in + +start_msg) + + echo "Start postfix" + ;; + +stop_msg) + + echo "Stop postfix" + ;; + +quick-start) + + $daemon_directory/master -t 2>/dev/null || { + $FATAL the Postfix mail system is already running + exit 1 + } + $daemon_directory/postfix-script quick-check || { + $FATAL Postfix integrity check failed! + exit 1 + } + $INFO starting the Postfix mail system + $daemon_directory/master & + ;; + +start|start-fg) + + $daemon_directory/master -t 2>/dev/null || { + $FATAL the Postfix mail system is already running + exit 1 + } + if [ -f $queue_directory/quick-start ] + then + rm -f $queue_directory/quick-start + else + $daemon_directory/postfix-script check-fatal || { + $FATAL Postfix integrity check failed! + exit 1 + } + # Foreground this so it can be stopped. All inodes are cached. + $daemon_directory/postfix-script check-warn + fi + $INFO starting the Postfix mail system || exit 1 + case $1 in + start) + # NOTE: wait in foreground process to get the initialization status. + $daemon_directory/master -w || { + $FATAL "mail system startup failed" + exit 1 + } + ;; + start-fg) + # Foreground start-up is incompatible with multi-instance mode. + # Use "exec $daemon_directory/master" only if PID == 1. + # Otherwise, doing so would break process group management, + # and "postfix stop" would kill too many processes. 
+ case $instances in + "") case $$ in + 1) exec $daemon_directory/master -i + $FATAL "cannot start-fg the master daemon" + exit 1;; + *) $daemon_directory/master -s;; + esac + ;; + *) $FATAL "start-fg does not support multi_instance_directories" + exit 1 + ;; + esac + ;; + esac + ;; + +drain) + + $daemon_directory/master -t 2>/dev/null && { + $FATAL the Postfix mail system is not running + exit 1 + } + $INFO stopping the Postfix mail system + kill -9 `sed 1q pid/master.pid` + ;; + +quick-stop) + + $daemon_directory/postfix-script stop + touch $queue_directory/quick-start + ;; + +stop) + + $daemon_directory/master -t 2>/dev/null && { + $FATAL the Postfix mail system is not running + exit 0 + } + $INFO stopping the Postfix mail system + kill `sed 1q pid/master.pid` + for i in 5 4 3 2 1 + do + $daemon_directory/master -t && exit 0 + $INFO waiting for the Postfix mail system to terminate + sleep 1 + done + $WARN stopping the Postfix mail system with force + pid=`awk '{ print $1; exit 0 } END { exit 1 }' pid/master.pid` && + kill -9 -$pid + ;; + +abort) + + $daemon_directory/master -t 2>/dev/null && { + $FATAL the Postfix mail system is not running + exit 0 + } + $INFO aborting the Postfix mail system + kill `sed 1q pid/master.pid` + ;; + +reload) + + $daemon_directory/master -t 2>/dev/null && { + $FATAL the Postfix mail system is not running + exit 1 + } + $INFO refreshing the Postfix mail system + $command_directory/postsuper active || exit 1 + kill -HUP `sed 1q pid/master.pid` + $command_directory/postsuper & + ;; + +flush) + + cd $queue_directory || { + $FATAL no Postfix queue directory $queue_directory! 
+ exit 1 + } + $command_directory/postqueue -f + ;; + +check) + + $daemon_directory/postfix-script check-fatal || exit 1 + $daemon_directory/postfix-script check-warn + exit 0 + ;; + +status) + + $daemon_directory/master -t 2>/dev/null && { + $INFO the Postfix mail system is not running + exit 1 + } + $INFO the Postfix mail system is running: PID: `sed 1q pid/master.pid` + exit 0 + ;; + +quick-check) + # This command is NOT part of the public interface. + + $SHELL $daemon_directory/post-install create-missing || { + $WARN unable to create missing queue directories + exit 1 + } + + # Look for incomplete installations. + + test -f $config_directory/master.cf || { + $FATAL no $config_directory/master.cf file found + exit 1 + } + exit 0 + ;; + +check-fatal) + # This command is NOT part of the public interface. + + $daemon_directory/postfix-script quick-check + + maillog_file=`$command_directory/postconf -h maillog_file` || { + $FATAL cannot execute $command_directory/postconf! + exit 1 + } + test -n "$maillog_file" && { + $command_directory/postconf -M postlog/unix-dgram 2>/dev/null \ + | grep . >/dev/null || { + $FATAL "missing 'postlog' service in master.cf - run 'postfix upgrade-configuration'" + exit 1 + } + } + + # See if all queue files are in the right place. This is slow. + # We must scan all queues for mis-named queue files before the + # mail system can run. + + $command_directory/postsuper || exit 1 + exit 0 + ;; + +check-warn) + # This command is NOT part of the public interface. + + # Check Postfix root-owned directory owner/permissions. + + find $queue_directory/. $queue_directory/pid \ + -prune ! -user root \ + -exec $WARN not owned by root: {} \; + + find $queue_directory/. $queue_directory/pid \ + -prune \( -perm -020 -o -perm -002 \) \ + -exec $WARN group or other writable: {} \; + + # Check Postfix root-owned directory tree owner/permissions. + + todo="$config_directory/." + test -n "$check_shared_files" && { + todo="$daemon_directory/. 
$meta_directory/. $todo" + test "$shlib_directory" = "no" || + todo="$shlib_directory/. $todo" + } + todo=`echo "$todo" | tr ' ' '\12' | sort -u` + + find $todo ! -user root \ + -exec $WARN not owned by root: {} \; + + # Handle symlinks separately + find -L $todo \( -perm -020 -o -perm -002 \) \ + -exec $WARN group or other writable: {} \; + + find $todo -type l | while read f; do \ + readlink "$f" | grep -q / && $WARN symlink leaves directory: "$f"; \ + done; \ + + # Check Postfix mail_owner-owned directory tree owner/permissions. + + find $data_directory/. ! -user $mail_owner \ + -exec $WARN not owned by $mail_owner: {} \; + + find $data_directory/. \( -perm -020 -o -perm -002 \) \ + -exec $WARN group or other writable: {} \; + + # Check Postfix mail_owner-owned directory tree owner. + + find `ls -d $queue_directory/* | \ + egrep '/(saved|incoming|active|defer|deferred|bounce|hold|trace|corrupt|public|private|flush)$'` \ + ! \( -type p -o -type s \) ! -user $mail_owner \ + -exec $WARN not owned by $mail_owner: {} \; + + # WARNING: this should not descend into the maildrop directory. + # maildrop is the least trusted Postfix directory. + + find $queue_directory/maildrop -prune ! -user $mail_owner \ + -exec $WARN not owned by $mail_owner: $queue_directory/maildrop \; + + # Check Postfix setgid_group-owned directory and file group/permissions. + + todo="$queue_directory/public $queue_directory/maildrop" + test -n "$check_shared_files" && + todo="$command_directory/postqueue $command_directory/postdrop $todo" + + find $todo \ + -prune ! -group $setgid_group \ + -exec $WARN not owned by group $setgid_group: {} \; + + test -n "$check_shared_files" && + find $command_directory/postqueue $command_directory/postdrop \ + -prune ! -perm -02111 \ + -exec $WARN not set-gid or not owner+group+world executable: {} \; + + # Check non-Postfix root-owned directory tree owner/content. + + for dir in bin etc lib sbin usr + do + test -d $dir && { + find $dir ! 
-user root \ + -exec $WARN not owned by root: $queue_directory/{} \; + + find $dir -type f -print | while read path + do + test -f /$path && { + cmp -s $path /$path || + $WARN $queue_directory/$path and /$path differ + } + done + } + done + + find corrupt -type f -exec $WARN damaged message: {} \; + + # Check for non-Postfix MTA remnants. + + test -n "$check_shared_files" -a -f /usr/sbin/sendmail -a \ + -f /usr/lib/sendmail && { + cmp -s /usr/sbin/sendmail /usr/lib/sendmail || { + $WARN /usr/lib/sendmail and /usr/sbin/sendmail differ + $WARN Replace one by a symbolic link to the other + } + } + exit 0 + ;; + +set-permissions|upgrade-configuration) + $daemon_directory/post-install create-missing "$@" + ;; + +post-install) + # Currently not part of the public interface. + shift + $daemon_directory/post-install "$@" + ;; + +tls) + shift + $daemon_directory/postfix-tls-script "$@" + ;; + +/*) + # Currently not part of the public interface. + "$@" + ;; + +logrotate) + case $# in + 1) ;; + *) $FATAL "usage postfix $1 (no arguments)"; exit 1;; + esac + for name in maillog_file maillog_file_compressor \ + maillog_file_rotate_suffix + do + value="`$command_directory/postconf -h $name`" + case "$value" in + "") $FATAL "empty '$name' parameter value - logfile rotation failed" + exit 1;; + esac + eval $name='"$value"'; + done + + case "$maillog_file" in + /dev/*) $FATAL "not rotating '$maillog_file'"; exit 1;; + esac + + errors=`( + suffix="\`date +$maillog_file_rotate_suffix\`" || exit 1 + mv "$maillog_file" "$maillog_file.$suffix" || exit 1 + $daemon_directory/master -t 2>/dev/null || + kill -HUP \`sed 1q pid/master.pid\` || exit 1 + sleep 1 + "$maillog_file_compressor" "$maillog_file.$suffix" || exit 1 + ) 2>&1` || { + $FATAL "logfile '$maillog_file' rotation failed: $errors" + exit 1 + } + ;; + +*) + $FATAL "unknown command: '$1'. Usage: postfix start (or stop, reload, abort, flush, check, status, set-permissions, upgrade-configuration, logrotate)" + exit 1 + ;; + +esac 
diff --git a/postfix/postscreen_access.cidr b/postfix.old/postscreen_access.cidr similarity index 100% rename from postfix/postscreen_access.cidr rename to postfix.old/postscreen_access.cidr diff --git a/postfix/postscreen_dnsbl_reply b/postfix.old/postscreen_dnsbl_reply similarity index 100% rename from postfix/postscreen_dnsbl_reply rename to postfix.old/postscreen_dnsbl_reply diff --git a/postfix/sender_access.pcre b/postfix.old/sender_access.pcre similarity index 100% rename from postfix/sender_access.pcre rename to postfix.old/sender_access.pcre diff --git a/postfix/dynamicmaps.cf b/postfix/dynamicmaps.cf index 99de784..b65b439 100644 --- a/postfix/dynamicmaps.cf +++ b/postfix/dynamicmaps.cf @@ -4,4 +4,3 @@ #==== ================================ ============= ============ pcre postfix-pcre.so dict_pcre_open sqlite postfix-sqlite.so dict_sqlite_open -mysql postfix-mysql.so dict_mysql_open diff --git a/postfix/main.cf b/postfix/main.cf index 8f34ba2..5e63134 100644 --- a/postfix/main.cf +++ b/postfix/main.cf 
@@ -1,314 +1,89 @@ -# -------------------- -# INSTALL-TIME CONFIGURATION INFORMATION -# -# location of the Postfix queue. Default is /var/spool/postfix. -queue_directory = /var/spool/postfix +# Managed by config management +# See /usr/share/postfix/main.cf.dist for a commented, more complete version -# location of all postXXX commands. Default is /usr/sbin. -command_directory = /usr/sbin -# location of all Postfix daemon programs (i.e. programs listed in the -# master.cf file). This directory must be owned by root. -# Default is /usr/libexec/postfix -#daemon_directory = /usr/lib/postfix +# Debian specific: Specifying a file name will cause the first +# line of that file to be used as the name. The Debian default +# is /etc/mailname. +myorigin = /etc/mailname -# location of Postfix-writable data files (caches, random numbers). -# This directory must be owned by the mail_owner account (see below). -# Default is /var/lib/postfix. -data_directory = /var/lib/postfix - -# owner of the Postfix queue and of most Postfix daemon processes. -# Specify the name of a user account THAT DOES NOT SHARE ITS USER OR GROUP ID -# WITH OTHER ACCOUNTS AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. -# In particular, don't specify nobody or daemon. PLEASE USE A DEDICATED USER. -# Default is postfix. -mail_owner = postfix - -# The following parameters are used when installing a new Postfix version. -# -# sendmail_path: The full pathname of the Postfix sendmail command. -# This is the Sendmail-compatible mail posting interface. -# -sendmail_path = /usr/sbin/sendmail - -# newaliases_path: The full pathname of the Postfix newaliases command. -# This is the Sendmail-compatible command to build alias databases. -# -newaliases_path = /usr/bin/newaliases - -# full pathname of the Postfix mailq command. This is the Sendmail-compatible -# mail queue listing command. -mailq_path = /usr/bin/mailq - -# group for mail submission and queue management commands. 
-# This must be a group name with a numerical group ID that is not shared with -# other accounts, not even with the Postfix account. -setgid_group = postdrop - -# external command that is executed when a Postfix daemon program is run with -# the -D option. -# -# Use "command .. & sleep 5" so that the debugger can attach before -# the process marches on. If you use an X-based debugger, be sure to -# set up your XAUTHORITY environment variable before starting Postfix. -# -debugger_command = - PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin - ddd $daemon_directory/$process_name $process_id & sleep 5 - -debug_peer_level = 2 - -# -------------------- -# CUSTOM SETTINGS -# - -# SMTP server response code when recipient or domain not found. -unknown_local_recipient_reject_code = 550 - -# Do not notify local user. +smtpd_banner = $myhostname ESMTP Frank Brehms Mail Service $mail_name ($mail_version) (Debian/GNU) biff = no -# Disable the rewriting of "site!user" into "user@site". -swap_bangpath = no - -# Disable the rewriting of the form "user%domain" to "user@domain". -allow_percent_hack = no - -# Allow recipient address start with '-'. -allow_min_user = no - -# Disable the SMTP VRFY command. This stops some techniques used to -# harvest email addresses. -disable_vrfy_command = yes - -# Enable both IPv4 and/or IPv6: ipv4, ipv6, all. -inet_protocols = all - -# Enable all network interfaces. -inet_interfaces = all -# -# TLS settings. -# -# SSL key, certificate, CA -# +# appending .domain is the MUA's job. 
+append_dot_mydomain = yes + +# Uncomment the next line to generate "delayed mail" warnings +#delay_warning_time = 4h + +readme_directory = no +# SASL parameters (http://www.postfix.org/SASL_README.html) +smtpd_sasl_auth_enable = yes +smtpd_sasl_path = smtpd +smtpd_sasl_type = cyrus +smtpd_sasl_local_domain = $myhostname +smtpd_sasl_security_options = + noanonymous, + noplaintext, +smtpd_sasl_tls_security_options = + noanonymous, +smtpd_tls_auth_only = no +# TLS parameters (http://www.postfix.org/TLS_README.html) +# Recipient settings +smtpd_use_tls = yes +smtpd_tls_loglevel = 1 +smtpd_tls_security_level = may smtpd_tls_key_file = /etc/letsencrypt/live/mail.uhu-banane.net/privkey.pem smtpd_tls_cert_file = /etc/letsencrypt/live/mail.uhu-banane.net/fullchain.pem smtpd_tls_CAfile = $smtpd_tls_cert_file - -# -# Disable SSLv2, SSLv3 -# -smtpd_tls_protocols = !SSLv2 !SSLv3 -smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3 -smtp_tls_protocols = !SSLv2 !SSLv3 -smtp_tls_mandatory_protocols = !SSLv2 !SSLv3 -lmtp_tls_protocols = !SSLv2 !SSLv3 -lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3 - -# -# Fix 'The Logjam Attack'. -# -smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA -smtpd_tls_dh512_param_file = /etc/ssl/dh512_param.pem -smtpd_tls_dh1024_param_file = /etc/ssl/dh2048_param.pem - -tls_random_source = dev:/dev/urandom - -# Log only a summary message on TLS handshake completion — no logging of client -# certificate trust-chain verification errors if client certificate -# verification is not required. With Postfix 2.8 and earlier, log the summary -# message, peer certificate summary information and unconditionally log -# trust-chain verification errors. 
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache +smtpd_tls_mandatory_ciphers = high +smtpd_tls_mandatory_exclude_ciphers = + aNULL, + MD5, +smtpd_tls_mandatory_protocols = + !SSLv2, + !SSLv3, +tls_preempt_cipherlist = yes +# Relay/Sender settings smtp_tls_loglevel = 1 -smtpd_tls_loglevel = 1 - -# Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do -# not require that clients use TLS encryption. -smtpd_tls_security_level = may - -# Produce `Received:` message headers that include information about the -# protocol and cipher used, as well as the remote SMTP client CommonName and -# client certificate issuer CommonName. -# This is disabled by default, as the information may be modified in transit -# through other mail servers. Only information that was recorded by the final -# destination can be trusted. -#smtpd_tls_received_header = yes - -# Opportunistic TLS, used when Postfix sends email to remote SMTP server. -# Use TLS if this is supported by the remote SMTP server, otherwise use -# plaintext. -# References: -# - http://www.postfix.org/TLS_README.html#client_tls_may -# - http://www.postfix.org/postconf.5.html#smtp_tls_security_level smtp_tls_security_level = may +smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache +smtpd_tls_received_header = yes +smtpd_tls_session_cache_timeout = 3600s -# Use the same CA file as smtpd. -smtp_tls_CAfile = $smtpd_tls_cert_file -smtp_tls_note_starttls_offer = yes - -# Enable long, non-repeating, queue IDs (queue file names). -# The benefit of non-repeating names is simpler logfile analysis and easier -# queue migration (there is no need to run "postsuper" to change queue file -# names that don't match their message file inode number). 
-#enable_long_queue_ids = yes - -# Reject unlisted sender and recipient -smtpd_reject_unlisted_recipient = yes -smtpd_reject_unlisted_sender = yes - -# Header and body checks with PCRE table -header_checks = pcre:/etc/postfix/header_checks -body_checks = pcre:/etc/postfix/body_checks.pcre - -# HELO restriction -smtpd_helo_required = yes -smtpd_helo_restrictions = - permit_mynetworks - permit_sasl_authenticated - reject_non_fqdn_helo_hostname - reject_invalid_helo_hostname - check_helo_access pcre:/etc/postfix/helo_access.pcre - -# Sender restrictions -smtpd_sender_restrictions = - reject_unknown_sender_domain - reject_non_fqdn_sender - reject_unlisted_sender - permit_mynetworks - permit_sasl_authenticated - check_sender_access pcre:/etc/postfix/sender_access.pcre - -# Recipient restrictions -smtpd_recipient_restrictions = - reject_unknown_recipient_domain - reject_non_fqdn_recipient - reject_unlisted_recipient - permit_mynetworks - permit_sasl_authenticated - reject_unauth_destination - - # check_policy_service inet:127.0.0.1:7777 - -# Data restrictions -smtpd_data_restrictions = reject_unauth_pipelining - -# END-OF-MESSAGE restrictions -smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777 - -proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps - -# Avoid duplicate recipient messages. Default is 'yes'. -enable_original_recipient = no - -# Virtual support. -virtual_minimum_uid = 2000 -virtual_uid_maps = static:2000 -virtual_gid_maps = static:2000 -virtual_mailbox_base = /home/vmail - -# Do not set virtual_alias_domains. 
-virtual_alias_domains = - -# -# Enable SASL authentication on port 25 and force TLS-encrypted SASL authentication. -# WARNING: NOT RECOMMENDED to enable smtp auth on port 25, all end users should -# be forced to submit email through port 587 instead. -# -#smtpd_sasl_auth_enable = yes -#smtpd_tls_auth_only = yes -#smtpd_sasl_security_options = noanonymous - -# hostname -myhostname = mail.uhu-banane.net -myorigin = mail.uhu-banane.net -mydomain = uhu-banane.net - -# trusted SMTP clients which are allowed to relay mail through Postfix. -# -# Note: additional IP addresses/networks listed in mynetworks should be listed -# in iRedAPD setting 'MYNETWORKS' too. for example: -# -# MYNETWORKS = ['xx.xx.xx.xx', 'xx.xx.xx.0/24', ...] -# +myhostname = sarah.uhu-banane.de +alias_maps = hash:/etc/aliases +alias_database = hash:/etc/aliases +mydestination = sarah.uhu-banane.de, sarah.brehm-online.com, localhost.uhu-banane.de, localhost, localhost.localdomain +relayhost = [mail.uhu-banane.net]:submission mynetworks = 127.0.0.1, 185.48.118.130, 10.12.20.5, [2001:6f8:1db7::5] - -# Accepted local emails -mydestination = $myhostname, sarah.uhu-banane.de, localhost, localhost.localdomain - -alias_maps = hash:/etc/postfix/aliases -alias_database = hash:/etc/postfix/aliases - -# Default message_size_limit. -message_size_limit = 52428800 - -# The set of characters that can separate a user name from its extension -# (example: user+foo), or a .forward file name from its extension (example: -# .forward+foo). -# Postfix 2.11 and later supports multiple characters. 
+mailbox_command = procmail -a "$EXTENSION" +mailbox_size_limit = 0 recipient_delimiter = + +inet_interfaces = loopback-only +inet_protocols = ipv4 -# -# Lookup virtual mail accounts -# -transport_maps = - proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf - proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf - -sender_dependent_relayhost_maps = - proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf - -# Lookup table with the SASL login names that own the sender (MAIL FROM) addresses. -smtpd_sender_login_maps = - proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf - -virtual_mailbox_domains = - proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf - -relay_domains = - $mydestination - proxy:mysql:/etc/postfix/mysql/relay_domains.cf - -virtual_mailbox_maps = - proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf - -virtual_alias_maps = - proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf - proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf - proxy:mysql:/etc/postfix/mysql/catchall_maps.cf - proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf - -sender_bcc_maps = - proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf - proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf +message_size_limit = 41943040 -recipient_bcc_maps = - proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf - proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf -postscreen_dnsbl_threshold = 2 -postscreen_dnsbl_sites = zen.spamhaus.org*3 b.barracudacentral.org*2 -postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply -postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr -postscreen_greet_action = enforce -postscreen_dnsbl_action = enforce -postscreen_blacklist_action = enforce -postscreen_dnsbl_whitelist_threshold = -2 -# -# Dovecot SASL support. 
-# -smtpd_sasl_type = dovecot -smtpd_sasl_path = private/dovecot-auth -virtual_transport = dovecot -dovecot_destination_recipient_limit = 1 -content_filter = smtp-amavis:[127.0.0.1]:10024 -smtp-amavis_destination_recipient_limit = 1 -mailbox_size_limit = 524288000 -smtpd_tls_received_header = yes - -# smtpd_milters = inet:localhost:8891 -# non_smtpd_milters = inet:localhost:8891 - -smtpd_banner = $myhostname ESMTP $mail_name $mail_version -smtpd_sasl_authenticated_header = yes +smtpd_relay_restrictions = + permit_mynetworks, + permit_sasl_authenticated, + defer_unauth_destination, +smtpd_recipient_restrictions = + permit_mynetworks, + permit_sasl_authenticated, + reject_unauth_destination, +smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth +smtp_tls_enforce_peername = no smtp_tls_cert_file = $smtpd_tls_cert_file smtp_tls_key_file = $smtpd_tls_key_file +smtp_use_tls = yes +smtp_sasl_security_options = noanonymous +smtp_sasl_auth_enable = yes +smtp_tls_CApath = + +unknown_local_recipient_reject_code = 550 + +# vim: filetype=pfmain diff --git a/postfix/master.cf b/postfix/master.cf index 6b0256c..04cd2cf 100644 --- a/postfix/master.cf +++ b/postfix/master.cf 
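Review bot: The new relay setup sends SASL credentials to `relayhost = [mail.uhu-banane.net]:submission` over TLS that is only opportunistic and unverified: `smtp_tls_security_level = may`, `smtp_tls_enforce_peername = no`, an empty `smtp_tls_CApath =`, and `smtp_sasl_security_options = noanonymous`, which still permits plaintext mechanisms. If STARTTLS is not offered, or is stripped on the path, the password from `smtp_auth` can go out in the clear, and nothing checks that the peer really is the relay. I would set `smtp_tls_security_level = verify` (at minimum `encrypt`), point `smtp_tls_CApath` at the system trust store, and drop `smtp_tls_enforce_peername = no` together with the legacy `smtp_use_tls = yes`. The hunk also removes the `smtp_tls_protocols`/`smtpd_tls_protocols` exclusions and keeps only `smtpd_tls_mandatory_protocols`, so with the `may` levels SSLv2/SSLv3 are no longer excluded explicitly; whether the package defaults cover this should be confirmed.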
@@ -6,15 +6,15 @@ # Do not forget to execute "postfix reload" after editing this file. # # ========================================================================== -# service type private unpriv chroot wakeup maxproc command + args -# (yes) (yes) (yes) (never) (100) +# service type private unpriv chroot wakeup maxproc command + args +# (yes) (yes) (yes) (never) (100) # ========================================================================== -#smtp inet n - - - - smtpd -smtp inet n - - - 1 postscreen -smtpd pass - - - - - smtpd -dnsblog unix - - - - 0 dnsblog -tlsproxy unix - - - - 0 tlsproxy -#submission inet n - - - - smtpd +smtp inet n - - - - smtpd +#smtp inet n - - - 1 postscreen +#smtpd pass - - - - - smtpd +#dnsblog unix - - - - 0 dnsblog +#tlsproxy unix - - - - 0 tlsproxy +#submission inet n - - - - smtpd # -o syslog_name=postfix/submission # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes @@ -25,7 +25,7 @@ tlsproxy unix - - - - 0 tlsproxy # -o smtpd_recipient_restrictions= # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING -#smtps inet n - - - - smtpd +#smtps inet n - - - - smtpd # -o syslog_name=postfix/smtps # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes 
@@ -36,33 +36,32 @@ tlsproxy unix - - - - 0 tlsproxy # -o smtpd_recipient_restrictions= # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING -#628 inet n - - - - qmqpd -pickup unix n - - 60 1 pickup - -o content_filter=smtp-amavis:[127.0.0.1]:10026 -cleanup unix n - - - 0 cleanup -qmgr unix n - n 300 1 qmgr -#qmgr unix n - n 300 1 oqmgr -tlsmgr unix - - - 1000? 1 tlsmgr -rewrite unix - - - - - trivial-rewrite -bounce unix - - - - 0 bounce -defer unix - - - - 0 bounce -trace unix - - - - 0 bounce -verify unix - - - - 1 verify -flush unix n - - 1000? 0 flush -proxymap unix - - n - - proxymap -proxywrite unix - - n - 1 proxymap -smtp unix - - - - - smtp -relay unix - - - - - smtp +#628 inet n - - - - qmqpd +pickup unix n - - 60 1 pickup +cleanup unix n - - - 0 cleanup +qmgr unix n - n 300 1 qmgr +#qmgr unix n - n 300 1 oqmgr +tlsmgr unix - - - 1000? 1 tlsmgr +rewrite unix - - - - - trivial-rewrite +bounce unix - - - - 0 bounce +defer unix - - - - 0 bounce +trace unix - - - - 0 bounce +verify unix - - - - 1 verify +flush unix n - - 1000? 0 flush +proxymap unix - - n - - proxymap +proxywrite unix - - n - 1 proxymap +smtp unix - - - - - smtp +relay unix - - - - - smtp # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 -showq unix n - - - - showq -error unix - - - - - error -retry unix - - - - - error -discard unix - - - - - discard -local unix - n n - - local -virtual unix - n n - - virtual -lmtp unix - - - - - lmtp -anvil unix - - - - 1 anvil -scache unix - - - - 1 scache +showq unix n - - - - showq +error unix - - - - - error +retry unix - - - - - error +discard unix - - - - - discard +local unix - n n - - local +virtual unix - n n - - virtual +lmtp unix - - - - - lmtp +anvil unix - - - - 1 anvil +scache unix - - - - 1 scache # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual 
@@ -76,7 +75,7 @@ scache unix - - - - 1 scache # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # -maildrop unix - n n - - pipe +maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} # # ==================================================================== 
@@ -95,74 +94,31 @@ maildrop unix - n n - - pipe # Cyrus 2.1.5 (Amos Gouaux) # Also specify in main.cf: cyrus_destination_recipient_limit=1 # -#cyrus unix - n n - - pipe +#cyrus unix - n n - - pipe # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} # # ==================================================================== # Old example of delivery via Cyrus. # -#old-cyrus unix - n n - - pipe +#old-cyrus unix - n n - - pipe # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} # # ==================================================================== # # See the Postfix UUCP_README file for configuration details. # -uucp unix - n n - - pipe +uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) # # Other external delivery methods. # -ifmail unix - n n - - pipe +ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) -bsmtp unix - n n - - pipe +bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient -scalemail-backend unix - n n - 2 pipe +scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} -mailman unix - n n - - pipe +mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} -# Submission, port 587, force TLS connection. -submission inet n - n - - smtpd - -o syslog_name=postfix/submission - -o smtpd_tls_security_level=encrypt - -o smtpd_sasl_auth_enable=yes - -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject - -o content_filter=smtp-amavis:[127.0.0.1]:10026 - -# Use dovecot's `deliver` program as LDA. -dovecot unix - n n - - pipe - flags=DRh user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${domain} -m ${extension} - -# Amavisd integration. 
-smtp-amavis unix - - n - 2 smtp - -o smtp_data_done_timeout=1200 - -o smtp_send_xforward_command=yes - -o disable_dns_lookups=yes - -o max_use=20 - -127.0.0.1:10025 inet n - n - - smtpd - -o content_filter= - -o mynetworks_style=host - -o mynetworks=127.0.0.0/8 - -o local_recipient_maps= - -o relay_recipient_maps= - -o strict_rfc821_envelopes=yes - -o smtp_tls_security_level=none - -o smtpd_tls_security_level=none - -o smtpd_restriction_classes= - -o smtpd_delay_reject=no - -o smtpd_client_restrictions=permit_mynetworks,reject - -o smtpd_helo_restrictions= - -o smtpd_sender_restrictions= - -o smtpd_recipient_restrictions=permit_mynetworks,reject - -o smtpd_end_of_data_restrictions= - -o smtpd_error_sleep_time=0 - -o smtpd_soft_error_limit=1001 - -o smtpd_hard_error_limit=1000 - -o smtpd_client_connection_count_limit=0 - -o smtpd_client_connection_rate_limit=0 - -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings,no_milters - -# vim: ts=4 diff --git a/postfix/mkpostfixcert b/postfix/mkpostfixcert new file mode 100755 index 0000000..5a75c29 --- /dev/null +++ b/postfix/mkpostfixcert 
@@ -0,0 +1,40 @@
+#!/bin/bash
+#
+# This is a short script to quickly generate a self-signed X.509 key for
+# Postfix over SSL. Normally this script would get called by an automatic
+# package installation routine.
+
+test -x /usr/bin/openssl || exit 0
+
+prefix="/usr"
+pemfile="/etc/postfix/postfix.pem"
+randfile="/etc/postfix/postfix.rand"
+conffile="/etc/postfix/postfix-cert.cnf"
+
+if [[ -f "${pemfile}" ]]; then
+ echo "${pemfile} already exists."
+ exit 1
+fi
+
+if [[ ! -f "${conffile}" ]] ; then
+ echo "${conffile} does not exists!"
+ exit 2
+fi
+
+cp /dev/null "${pemfile}"
+chmod 600 "${pemfile}"
+chown root "${pemfile}"
+
+cleanup() {
+ rm -f "${pemfile}"
+ rm -f "${randfile}"
+ exit 1
+}
+
+dd if=/dev/urandom of="${randfile}" count=1 2>/dev/null
+/usr/bin/openssl req -new -x509 -days 3650 -nodes \
+ -config "${conffile}" -out "${pemfile}" -keyout "${pemfile}" || cleanup
+/usr/bin/openssl gendh -rand "${randfile}" 512 >> "${pemfile}" || cleanup
+/usr/bin/openssl x509 -subject -dates -fingerprint -noout -in "${pemfile}" || cleanup
+rm -f "${randfile}"
+
diff --git a/postfix/postfix-cert.cnf b/postfix/postfix-cert.cnf
new file mode 100644
index 0000000..1ab3d7d
--- /dev/null
+++ b/postfix/postfix-cert.cnf
@@ -0,0 +1,23 @@
+RANDFILE = /usr/share/postfix.rand
+
+[ req ]
+default_bits = 1024
+encrypt_key = yes
+distinguished_name = req_dn
+x509_extensions = cert_type
+prompt = no
+
+[ req_dn ]
+C=DE
+ST=Berlin
+L=Berlin
+O=Frank Brehm
+OU=Mail Server Postfix SSL key
+CN=ns1.uhu-banane.de
+emailAddress=postmaster@brehm-online.com
+
+
+[ cert_type ]
+nsCertType = server
+
+# vim: filetype=dosini
diff --git a/postfix/postfix.pem b/postfix/postfix.pem
new file mode 100644
index 0000000..92b54a2
--- /dev/null
+++ b/postfix/postfix.pem
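Review bot: The `openssl gendh -rand "${randfile}" 512` line appends 512-bit DH parameters to the PEM, a size that export-grade downgrade attacks such as Logjam target. The `gendh` subcommand is also no longer shipped by current OpenSSL releases, so on such a system the script would fall into `cleanup` and delete the freshly written key. I would replace the line with `/usr/bin/openssl dhparam -rand "${randfile}" 2048 >> "${pemfile}" || cleanup`. Separately, `cp /dev/null "${pemfile}"` creates the key file under the caller's umask before `chmod 600` runs; a `umask 077` ahead of it closes that window. The `prefix="/usr"` variable is never used and can go.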
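Review bot: `default_bits = 1024` in `[ req ]` makes mkpostfixcert generate a 1024-bit RSA key, which is below the size current clients and CAs accept; I would change it to `default_bits = 2048` or larger. `encrypt_key = yes` is misleading here because the script passes `-nodes`, so the key is written unencrypted regardless; a comment such as `# overridden by -nodes in mkpostfixcert; key is stored unencrypted` would make that visible. `nsCertType = server` is an obsolete Netscape extension and could be replaced by `extendedKeyUsage = serverAuth` in the `cert_type` section.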
@@ -0,0 +1,38 @@ +-----BEGIN PRIVATE KEY----- +MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMdEjw58wsRFmrbJ +JOhMBYHNgSlAY8POog2cqQWv0SPfK6eKMNWST6tnBrI/S6qc8aprOTr2JxDSoG8t +gxl6CdAKNFi9xGrXowe7aY/Xk72AcsResm72P4RbEpYvfN2lQOXjNwhODZD+wyNy +IOrj1NnHZ1f0mz+xhiZPJyyVD2QLAgMBAAECgYBC/gCeXUFZnRD7nLokwtIjJoTi +6nvf64s9ykpk2AwW5EOX6vSqCKtyM4vjxzXYITV6FtxBv1m45Sb82a82lHnReIW5 +4ae927Ef38YEorcNS3oq6IRgGBWM0t5a58Jz5AAE6SePI/LgLgfCegGxTLfHkCKL +b3lnZkhTvE7APqIhKQJBAObU7gc9vUkQyOSiuh04YvhHCA5IpW3aYQk9/SL+kPu2 +EehUEsJktT1inDdGnv8aolxtU/KFSj1GUvzvl8FmI50CQQDc/ppqeRDzrfA88Xi7 +rGVF9fVswphkFwxVIM8fOwStfmiPmn0KJ56YKlffs0DWzpfDWVenE5cK0oCxCJl+ +PvnHAkEAg45hZoEaaxUE2cGgftzPEx8wiSuAFP68BQ9uQM6DBOI8jIO1+VJ6NNUJ +oTs/jLa6SCELEhJDQG7fB0bp35B9xQJAVxqG9GZpdxJcuTiX1Kjbddq+9DIy7Ghl +NPxshqu1aUiEn+1NUX5SNTmjTwmRCdl92cJSGQlQpDRaAu0Xyrm5qwJBAIjBYKpg +0TaEw6g3rmXh2uUcKX8r0y+PdC5E3jplzTUwym2VV6shfyJ6CihvR6Ob3IGyQyBa +mThe7HFiFVBwl1w= +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIC+zCCAmSgAwIBAgIJAPgeULySAVERMA0GCSqGSIb3DQEBCwUAMIGzMQswCQYD +VQQGEwJERTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xFDASBgNV +BAoMC0ZyYW5rIEJyZWhtMSQwIgYDVQQLDBtNYWlsIFNlcnZlciBQb3N0Zml4IFNT +TCBrZXkxGjAYBgNVBAMMEW5zMS51aHUtYmFuYW5lLmRlMSowKAYJKoZIhvcNAQkB +Fhtwb3N0bWFzdGVyQGJyZWhtLW9ubGluZS5jb20wHhcNMTYwMzA3MTc1NTIwWhcN +MjYwMzA1MTc1NTIwWjCBszELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJlcmxpbjEP +MA0GA1UEBwwGQmVybGluMRQwEgYDVQQKDAtGcmFuayBCcmVobTEkMCIGA1UECwwb +TWFpbCBTZXJ2ZXIgUG9zdGZpeCBTU0wga2V5MRowGAYDVQQDDBFuczEudWh1LWJh +bmFuZS5kZTEqMCgGCSqGSIb3DQEJARYbcG9zdG1hc3RlckBicmVobS1vbmxpbmUu +Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHRI8OfMLERZq2ySToTAWB +zYEpQGPDzqINnKkFr9Ej3yunijDVkk+rZwayP0uqnPGqazk69icQ0qBvLYMZegnQ +CjRYvcRq16MHu2mP15O9gHLEXrJu9j+EWxKWL3zdpUDl4zcITg2Q/sMjciDq49TZ +x2dX9Js/sYYmTycslQ9kCwIDAQABoxUwEzARBglghkgBhvhCAQEEBAMCBkAwDQYJ +KoZIhvcNAQELBQADgYEAK+nnUT4gsgjNofap8Z1YGMQ7rRHoWZ7iWk/4tIXLT+z5 +7OrCy+RbIqgV9Wv+I2ohsSew84Npq2T/Hc+tHUaCf5WQ+i/OTXSzIzxqEuf2ZVCG 
+qR1uMUJKRQ4GScdqKDdRNdJ5E4mDqTFYUDr5X0HOe3BAv0lL/fbZL2CcC5wgCvg= +-----END CERTIFICATE----- +-----BEGIN DH PARAMETERS----- +MEYCQQCD3bneuI1Rv1gt8IqX8lNfte2Wd+4XoNLHmT9WbMJgpofrT/Nptx+8RHor +W/A2qUEfE+XjdBdmvzAlNC5drk8DAgEC +-----END DH PARAMETERS----- diff --git a/postfix/smtp_auth b/postfix/smtp_auth new file mode 100644 index 0000000..629e006 --- /dev/null +++ b/postfix/smtp_auth @@ -0,0 +1,10 @@ +# Managed by config management +# Don't change it manually +# + +mail.brehm-online.com vmail:uhu +helga-six.brehm-online.com vmail:uhu +mail.uhu-banane.net vmail@uhu-banane.net:up2UdLCE + + +# vim: syntax=conf ts=8 diff --git a/postfix/smtp_auth.db b/postfix/smtp_auth.db new file mode 100644 index 0000000000000000000000000000000000000000..9acb35ead8f609139c3f02513c8c09fbfe8adfb0 GIT binary patch literal 12288 zcmeI&J#NA<6u|M9fU0&tX6fDwBuE`Ip&~Zcu9Zw1HIb4~0jbzH0TCMZkxWnk{i2dn|^Hokq?<>%H`JNVLO%6C_%i7A#j#nxnw4Tt zV4}zTa2!UdH_DRO?0+7mzi)5r|I>SZSGK19-zzg#;^n9Q<^JFPL%{uiDaMQd0tg_0 f00IagfB*srAb`L>37nSxQJB1HZxYY^v-
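Review bot: The `BEGIN PRIVATE KEY` block at the top of postfix.pem is the server's unencrypted private key, and this commit places it in the repository, where everyone who can read the repository or any copy of its history can read it. The key should be treated as disclosed: generate a new key and certificate on the host and keep the replacement out of version control, for example with a `postfix/postfix.pem` entry in the repository's `.gitignore`. Removing the file in a later commit does not remove it from history. Judging by the length of the encoded blocks, this looks like the 1024-bit RSA key and 512-bit DH parameters that mkpostfixcert and postfix-cert.cnf produce, so regenerating with larger sizes addresses both points.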
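Review bot: The three map entries in smtp_auth store SMTP AUTH user names and passwords in clear text, and this commit puts them into the repository history, along with the compiled `smtp_auth.db` that follows. The passwords should be changed on the relay hosts and both files excluded from tracking, e.g. `postfix/smtp_auth` and `postfix/smtp_auth.db` in `.gitignore`. The header comment says the file is managed by config management, so the credentials are better supplied from that system's secret store at deploy time. On disk both files should be readable by root only, `chmod 600 /etc/postfix/smtp_auth /etc/postfix/smtp_auth.db`; the diff header records mode 100644 for the text file.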