tinom

# main.cf specific for phamm

queue_directory = /var/spool/postfix

command_directory = /usr/local/sbin

daemon_directory = /usr/local/libexec/postfix

data_directory = /var/db/postfix

#mail_owner = postfix

 

 

#  Copyright (c) 2005 Alessandro De Zorzi, Mirko Grava

#                               <phamm@rhx.it> http://phamm.rhx.it/

#

#  Permission is granted to copy, distribute and/or modify this document

#  under the terms of the GNU Free Documentation License, Version 1.2

#  or any later version published by the Free Software Foundation;

#  A copy of the license in DOCS.LICENSE file.

 

#ldap_bind_dn = cn=phamm,o=hosting,dc=mysite,dc=com

#ldap_bind_pw = pHaMm

#ldap_search_base = o=hosting,dc=mysite,dc=com

#ldap_domain = dc=mysite,dc=com

#ldap_server_host = 192.168.1.7

#ldap_server_port = 389

#ldap_version = 3

 

bind_dn = cn=phamm,o=hosting,dc=mysite,dc=com

bind_pw = pHaMm

search_base = o=hosting,dc=mysite,dc=com

domain = dc=mysite,dc=com

server_host = 192.168.1.7

server_port = 389

version = 3

 

# transports

#transport_server_host = $ldap_server_host

#transport_search_base = $ldap_search_base

transport_server_host = $server_host

transport_search_base = $search_base

transport_query_filter = (&(&(vd=%s)(objectClass=VirtualDomain))(accountActive=TRUE)(delete=FALSE))

transport_result_attribute = postfixTransport

transport_cache = no

transport_bind = yes

transport_scope = one

#transport_bind_dn = $ldap_bind_dn

#transport_bind_pw = $ldap_bind_pw

#transport_version = $ldap_version

transport_bind_dn = $bind_dn

transport_bind_pw = $bind_pw

transport_version = $version

 

# aliases

#aliases_server_host = $ldap_server_host

#aliases_search_base = $ldap_search_base

aliases_server_host = $server_host

aliases_search_base = $search_base

aliases_query_filter = (&(&(objectClass=VirtualMailAlias)(mail=%s))(accountActive=TRUE))

aliases_result_attribute = maildrop

aliases_bind = yes

aliases_cache = no

#aliases_bind_dn = $ldap_bind_dn

#aliases_bind_pw = $ldap_bind_pw

#aliases_version = $ldap_version

aliases_bind_dn = $bind_dn

aliases_bind_pw = $bind_pw

aliases_version = $version

 

# VirtualForward

#virtualforward_server_host = $ldap_server_host

#virtualforward_search_base = $ldap_search_base

virtualforward_server_host = $server_host

virtualforward_search_base = $search_base

virtualforward_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(vacationActive=FALSE)(forwardActive=TRUE)(accountActive=TRUE)(delete=FALSE))

virtualforward_result_attribute = maildrop

virtualforward_bind = yes

virtualforward_cache = no

#virtualforward_bind_dn = $ldap_bind_dn

#virtualforward_bind_pw = $ldap_bind_pw

#virtualforward_version = $ldap_version

virtualforward_bind_dn = $bind_dn

virtualforward_bind_pw = $bind_pw

virtualforward_version = $version

 

# Accounts

accounts_server_host = $server_host

accounts_search_base = $search_base

accounts_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))

accounts_result_attribute = mailbox

accounts_cache = no

accounts_bind = yes

accounts_bind_dn = $bind_dn

accounts_bind_pw = $bind_pw

accounts_version = $version

 

accountsmap_server_host = $server_host

accountsmap_search_base = $search_base

accountsmap_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))

accountsmap_result_attribute = mail

accountsmap_cache = no

accountsmap_bind = yes

accountsmap_bind_dn = $bind_dn

accountsmap_bind_pw = $bind_pw

accountsmap_version = $version

 

# virtual quota

quota_server_host = $server_host

quota_search_base = $search_base

quota_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(accountActive=TRUE)(delete=FALSE))

quota_result_attribute = quota

quota_cache = no

quota_bind = yes

quota_bind_dn = $bind_dn

quota_bind_pw = $bind_pw

quota_version = $version

 

# Mail to reply for gnarwl and mail to forward during vacation

recipient_bcc_maps = ldap:vfm

vfm_server_host = $server_host

vfm_search_base = $search_base

vfm_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(vacationActive=TRUE)(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))

vfm_result_attribute = mailAutoreply

vfm_cache = no

vfm_bind = yes

vfm_bind_dn = $bind_dn

vfm_bind_pw = $bind_pw

vfm_version = $version

 

# transport_maps

maildrop_destination_concurrency_limit = 2

maildrop_destination_recipient_limit = 1

gnarwl_destination_concurrency_limit = 1

gnarwl_destination_recipient_limit = 1

transport_maps = hash:/usr/local/etc/postfix/transport, ldap:transport

mydestination = $transport_maps, localhost, $myhostname, localhost.$mydomain, $mydomain

virtual_alias_maps = hash:/usr/local/etc/postfix/virtual, ldap:virtualforward, ldap:aliases, ldap:accountsmap

 

# virtual accounts for delivery

virtual_transport = dovecot

virtual_mailbox_base = /home/vmail/domaines/

virtual_mailbox_maps = ldap:accounts

virtual_mailbox_domains = ldap:domains

virtual_minimum_uid = 1001

virtual_uid_maps = static:1001

virtual_gid_maps = static:1001

 

local_recipient_maps = proxy:unix:passwd.byname, $alias_maps, $virtual_mailbox_maps

 

#Gestion SLL(TLS)

# ---------------------- SASL PART START ----------------------

smtpd_sasl_auth_enable          = yes

#smtpd_sasl_local_domain        = $myhostname

smtpd_sasl_exceptions_networks  = $mynetworks

smtpd_sasl_security_options     = noanonymous

broken_sasl_auth_clients        = yes

smtpd_sasl_type                 = dovecot

# Can be an absolute path, or relative to $queue_directory

smtpd_sasl_path                 = private/auth

# ---------------------- SASL PART END ----------------------

# ---------------------- TLS PART START ----------------------

smtpd_use_tls = yes

#smtpd_tls_auth_only = yes

smtp_tls_key_file = /data/certificats/mail.mysite.com/mail.mysite.com.key

smtp_tls_cert_file = /data/certificats/mail.mysite.com/mail.mysite.com.crt

smtp_tls_CAfile = /data/certificats/RTHAcacert.pem

smtp_tls_security_level = may

smtp_tls_session_cache_database = btree:/var/spool/postfix/smtp_tls_session_cache

smtpd_tls_key_file = /data/certificats/mail.mysite.com/mail.mysite.com.key

smtpd_tls_cert_file = /data/certificats/mail.mysite.com/mail.mysite.com.crt

smtpd_tls_CAfile = /data/certificats/RTHAcacert.pem

smtpd_tls_security_level = may

smtpd_tls_loglevel = 3

smtpd_tls_received_header = yes

smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache

smtpd_tls_session_cache_timeout = 3600s

tls_random_source = dev:/dev/urandom

# ---------------------- TLS PART END ----------------------

#----------------------Partie SECURITE----------------------

smtpd_helo_required             = yes

disable_vrfy_command            = yes

non_fqdn_reject_code            = 450

invalid_hostname_reject_code    = 450

maps_rbl_reject_code            = 450

smtpd_recipient_restrictions =

        permit_mynetworks

        permit_sasl_authenticated

        permit_tls_clientcerts

        reject_unauth_destination

        reject_invalid_helo_hostname

        warn_if_reject reject_non_fqdn_helo_hostname

        warn_if_reject reject_unknown_helo_hostname

        warn_if_reject reject_unknown_client

        reject_non_fqdn_sender

        reject_non_fqdn_recipient

        reject_unknown_sender_domain

        reject_unknown_recipient_domain

        warn_if_reject reject_unverified_sender

        reject_unverified_recipient

        reject_rbl_client cbl.abuseat.org

        reject_rbl_client list.dsbl.org

        reject_rbl_client opm.blitzed.org

        reject_rbl_client sbl.spamhaus.org

        reject_rbl_client bl.spamcop.net

        reject_rbl_client dnsbl.sorbs.net=127.0.0.2

        reject_rbl_client dnsbl.sorbs.net=127.0.0.3

        reject_rbl_client dnsbl.sorbs.net=127.0.0.4

        reject_rbl_client dnsbl.sorbs.net=127.0.0.5

        reject_rbl_client dnsbl.sorbs.net=127.0.0.7

        reject_rbl_client dnsbl.sorbs.net=127.0.0.9

        reject_rbl_client dnsbl.sorbs.net=127.0.0.11

        reject_rbl_client dnsbl.sorbs.net=127.0.0.12

        warn_if_reject reject_rhsbl_sender dsn.rfc-ignorant.org

        warn_if_reject reject_rhsbl_sender abuse.rfc-ignorant.org

        warn_if_reject reject_rhsbl_sender whois.rfc-ignorant.org

        warn_if_reject reject_rhsbl_sender bogusmx.rfc-ignorant.org

        warn_if_reject reject_rhsbl_sender postmaster.rfc-ignorant.org

        permit

smtpd_data_restrictions =

        reject_unauth_pipelining,

        reject_multi_recipient_bounce,

        permit

mailbox_command = /usr/local/libexec/dovecot/deliver

mailbox_transport = dovecot

dovecot_destination_recipient_limit = 1