Advertisement
Guest User

Untitled

a guest
Apr 8th, 2016
207
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.63 KB | None | 0 0
  1. # postfix config file
  2.  
  3. # uncomment for debugging if needed
  4. soft_bounce=yes
  5.  
  6. # postfix main
  7. mail_owner = postfix
  8. setgid_group = postdrop
  9. delay_warning_time = 4
  10.  
  11. # postfix paths
  12. html_directory = no
  13. command_directory = /usr/sbin
  14. daemon_directory = /usr/lib/postfix
  15. queue_directory = /var/spool/postfix
  16. sendmail_path = /usr/sbin/sendmail.postfix
  17. newaliases_path = /usr/bin/newaliases.postfix
  18. mailq_path = /usr/bin/mailq.postfix
  19. manpage_directory = /usr/share/man
  20. sample_directory = /usr/share/doc/postfix-2.2.2/samples
  21. readme_directory = /usr/share/doc/postfix-2.2.2/README_FILES
  22.  
  23. # network settings
  24. inet_interfaces = all
  25. mydomain = njoror.squashedfly.eu
  26. myhostname = njoror.squashedfly.eu
  27. mynetworks = 127.0.0.1, 213.138.113.144
  28. mydestination = localhost.$mydomain, localhost
  29. relay_domains = proxy:mysql:/etc/sentora/configs/postfix/mysql-relay_domains_maps.cf
  30.  
  31. # mail delivery
  32. recipient_delimiter = +
  33. dovecot_destination_recipient_limit = 1
  34.  
  35. # mappings
  36. alias_maps = hash:/etc/aliases
  37. alias_database = hash:/etc/aliases
  38. #transport_maps = hash:/etc/postfix/transport
  39. #local_recipient_maps =
  40.  
  41. # virtual setup
  42. virtual_alias_maps = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_alias_maps.cf,
  43. regexp:/etc/sentora/configs/postfix/virtual_regexp
  44. virtual_mailbox_base = /var/sentora/vmail
  45. virtual_mailbox_domains = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_domains_maps.cf
  46. virtual_mailbox_maps = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_mailbox_maps.cf
  47. virtual_minimum_uid = 999
  48. virtual_uid_maps = static:999
  49. virtual_gid_maps = static:8
  50. virtual_transport = dovecot
  51. dovecot_destination_recipient_limit = 1
  52.  
  53. # debugging
  54. debug_peer_level = 2
  55. debugger_command =
  56. PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
  57. xxgdb $daemon_directory/$process_name $process_id & sleep 5
  58.  
  59. # authentication
  60. smtpd_sasl_auth_enable = yes
  61. smtpd_sasl_security_options = noanonymous
  62. smtpd_sasl_local_domain = $myhostname
  63. broken_sasl_auth_clients = yes
  64. smtpd_sasl_type = dovecot
  65. smtpd_sasl_path = private/auth
  66.  
  67. # tls config
  68. # smtp_use_tls = no
  69. # smtpd_use_tls = no
  70. #smtp_tls_note_starttls_offer = yes
  71. #smtpd_tls_loglevel = 1
  72. #smtpd_tls_received_header = yes
  73. #smtpd_tls_session_cache_timeout = 3600s
  74. #tls_random_source = dev:/dev/urandom
  75. #smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
  76. # Change mail.example.com.* to your host name
  77. #smtpd_tls_key_file = /etc/pki/tls/private/mail.example.com.key
  78. #smtpd_tls_cert_file = /etc/pki/tls/certs/mail.example.com.crt
  79. # smtpd_tls_CAfile = /etc/pki/tls/root.crt
  80.  
  81. # rules restrictions
  82. smtpd_client_restrictions =
  83. smtpd_helo_restrictions = permit_mynetworks,
  84. reject_invalid_hostname,
  85. permit
  86. smtpd_sender_restrictions = permit_sasl_authenticated,
  87. permit_mynetworks,
  88. reject_unknown_sender_domain,
  89. permit
  90. smtpd_recipient_restrictions = permit_sasl_authenticated,
  91. permit_mynetworks,
  92. permit_inet_interfaces,
  93. reject_unauth_destination,
  94. reject_non_fqdn_sender,
  95. reject_non_fqdn_recipient,
  96. reject_non_fqdn_hostname,
  97. permit_sasl_authenticated,
  98. reject_unknown_recipient_domain,
  99. reject_unauth_destination,
  100. reject_invalid_hostname
  101. # uncomment for realtime black list checks. (Warn: will also reject false positive)
  102. ,reject_rbl_client zen.spamhaus.org
  103. ,reject_rbl_client bl.spamcop.net
  104. ,reject_rbl_client dnsbl.sorbs.net
  105. #,check_policy_service inet:127.0.0.1:10023
  106.  
  107. smtpd_helo_required = yes
  108. unknown_local_recipient_reject_code = 550
  109. disable_vrfy_command = yes
  110. smtpd_data_restrictions = reject_unauth_pipelining
  111. smtpd_banner = $myhostname ESMTP
  112.  
  113. message_size_limit = 20480000
  114.  
  115.  
  116. # Things Philip Changed for SSL
  117.  
  118. # Raise log level as default doesn't give much information
  119. smtpd_tls_loglevel = 1
  120.  
  121. # path to the certificate file, should be root:root and 0444
  122. smtpd_tls_cert_file=/etc/letsencrypt/live/njoror.squashedfly.eu/fullchain.pem
  123.  
  124. # path to the private key file, should be root:root and 0400
  125. smtpd_tls_key_file=/etc/letsencrypt/live/njoror.squashedfly.eu/privkey.pem
  126.  
  127. # Allow use of TLS but make it optional
  128. smtpd_use_tls=yes
  129.  
  130. # Cache sessions for speed improvement
  131. smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
  132. smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
  133.  
  134. # Disable SSLv2/3 as they are vulnerable
  135. smtpd_tls_protocols = !SSLv2, !SSLv3
  136.  
  137. # Insist on stronger ciphers
  138. smtpd_tls_ciphers = high
  139.  
  140. # SASL parameters
  141. # Don't forget permit_sasl_authenticated in smtpd_relay_restrictions
  142. smtpd_sasl_type = dovecot
  143. smtpd_sasl_path = private/auth
  144. smtpd_sasl_auth_enable = yes
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement