- #!----------------Postfix Files:
- #!----------------/etc/postfix/main.cf--
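- # Postfix main.cf: local delivery plus MySQL-backed virtual mailboxes handed to
- # Dovecot over LMTP, with Dovecot SASL, postgrey greylisting and two milters.
- # Comments must sit on their own lines; Postfix has no trailing-comment syntax.
- #
- # Debian specific: Specifying a file name will cause the first
- # line of that file to be used as the name. The Debian default
- # is /etc/mailname.
- #myorigin = /etc/mailname
- smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
- biff = no
- # appending .domain is the MUA's job.
- append_dot_mydomain = no
- # Uncomment the next line to generate "delayed mail" warnings
- #delay_warning_time = 4h
- readme_directory = no
- # TLS parameters
- # NOTE(review): ssl-cert-snakeoil is the self-signed certificate generated at
- # package install time, so clients cannot validate this server. Replace it with
- # a certificate issued for the public host name before real use.
- smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
- smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
- # Replaces the obsolete "smtpd_use_tls=yes"; "may" is the same opportunistic
- # STARTTLS behaviour. master.cf raises it to "encrypt" for submission.
- smtpd_tls_security_level = may
- smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
- smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
- # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
- # information on enabling SSL in the smtp client.
- smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
- # NOTE(review): myhostname ends in .Local while mydestination lists .com names,
- # so $myhostname itself is not a local destination - confirm this is intended.
- myhostname = DemoMail.Domain.Local
- alias_maps = hash:/etc/aliases
- alias_database = hash:/etc/aliases
- myorigin = /etc/mailname
- mydestination = DemoMail.Domain.com, localhost.Domain.com, localhost
- relayhost =
- # Only loopback is trusted; every other client must authenticate to relay.
- mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
- mailbox_command = procmail -a "$EXTENSION"
- mailbox_size_limit = 0
- recipient_delimiter = +
- inet_interfaces = all
- ##!------------------------
- # Virtual mailboxes: every mailbox is owned by uid/gid 3000 under /home/vmail.
- virtual_uid_maps = static:3000
- virtual_gid_maps = static:3000
- virtual_mailbox_base = /home/vmail
- virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_mailbox_domains.cf
- virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
- virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
- relay_domains = mysql:/etc/postfix/mysql_relay_domains.cf
- virtual_transport = lmtp:unix:private/dovecot-lmtp
- # Restrictions are evaluated in order and the first match wins. The postgrey
- # policy check now comes last: listed first, it greylisted local and
- # SASL-authenticated senders (including submission/smtps clients) and was
- # consulted for mail that the later checks reject anyway.
- # Continuation lines must begin with whitespace.
- smtpd_recipient_restrictions =
-     permit_mynetworks,
-     permit_sasl_authenticated,
-     reject_non_fqdn_hostname,
-     reject_non_fqdn_sender,
-     reject_non_fqdn_recipient,
-     reject_unauth_destination,
-     reject_unauth_pipelining,
-     reject_invalid_hostname,
-     check_policy_service unix:postgrey/socket
- # SASL is delegated to Dovecot through the private/auth socket.
- smtpd_sasl_auth_enable = yes
- smtpd_sasl_security_options = noanonymous
- smtpd_sasl_type = dovecot
- smtpd_sasl_path = private/auth
- # NOTE(review): "accept" is fail-open - when the ClamAV or SpamAssassin milter
- # is down or times out, mail is delivered unscanned. "tempfail" defers instead;
- # pick deliberately and monitor milter availability either way.
- milter_default_action = accept
- milter_mail_macros = i {auth_name} {auth_type}
- # NOTE(review): this macro list looks garbled (stray "_" and "{domain_name}");
- # check it against the macro names in Postfix's MILTER_README.
- milter_connect_macros = b j _ {domain_name} {if_name} {if_addr}_
- smtpd_milters = unix:clamav/clamav-milter.ctl, unix:spamass/spamass.sock
- message_size_limit = 10240000
- # NOTE(review): these give the outbound SMTP client a certificate (the
- # snakeoil one). A client certificate is only needed when a remote server
- # asks for one; presumably these two lines can be dropped - confirm.
- smtp_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
- smtp_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
- # AUTH is offered only after STARTTLS, so passwords never cross in clear text.
- smtpd_tls_auth_only = yes
- smtp_tls_security_level = may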
- #!----------------End /etc/postfix/main.cf--
- #!----------------/etc/postfix/master.cf--
- # Postfix master process configuration file. For details on the format
- # of the file, see the master(5) manual page (command: "man 5 master" or
- # on-line: http://www.postfix.org/master.5.html).
- #
- # Do not forget to execute "postfix reload" after editing this file.
- #
- # ==========================================================================
- # service type private unpriv chroot wakeup maxproc command + args
- # (yes) (yes) (yes) (never) (100)
- # ==========================================================================
- # Network-facing listeners: smtp (MX traffic), submission and smtps (mail
- # clients). In the real file each "-o" line is a continuation of the service
- # line above it and must start with whitespace; this listing has lost that
- # indentation.
- smtp inet n - - - - smtpd
- #smtp inet n - - - 1 postscreen
- #smtpd pass - - - - - smtpd
- #dnsblog unix - - - - 0 dnsblog
- #tlsproxy unix - - - - 0 tlsproxy
- # submission: TLS is mandatory and only SASL-authenticated clients get past
- # smtpd_client_restrictions. The smtpd_recipient_restrictions override below
- # is commented out, so the list from main.cf applies to this service as well.
- submission inet n - - - - smtpd
- -o syslog_name=postfix/submission
- -o smtpd_tls_security_level=encrypt
- -o smtpd_sasl_auth_enable=yes
- # -o smtpd_reject_unlisted_recipient=no
- -o smtpd_client_restrictions=permit_sasl_authenticated,reject
- # -o smtpd_client_restrictions=$mua_client_restrictions
- # -o smtpd_helo_restrictions=$mua_helo_restrictions
- # -o smtpd_sender_restrictions=$mua_sender_restrictions
- # -o smtpd_recipient_restrictions=
- # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
- # Tells the milters this mail originates from an authenticated user.
- -o milter_macro_daemon_name=ORIGINATING
- # smtps: same policy as submission, but TLS is negotiated before any SMTP
- # (wrapper mode) instead of through STARTTLS.
- smtps inet n - - - - smtpd
- -o syslog_name=postfix/smtps
- -o smtpd_tls_wrappermode=yes
- -o smtpd_sasl_auth_enable=yes
- # -o smtpd_reject_unlisted_recipient=no
- -o smtpd_client_restrictions=permit_sasl_authenticated,reject
- # -o smtpd_client_restrictions=$mua_client_restrictions
- # -o smtpd_helo_restrictions=$mua_helo_restrictions
- # -o smtpd_sender_restrictions=$mua_sender_restrictions
- # -o smtpd_recipient_restrictions=
- # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
- -o milter_macro_daemon_name=ORIGINATING
- #628 inet n - - - - qmqpd
- # Postfix-internal services. Columns are those of the header above:
- # service type private unpriv chroot wakeup maxproc command.
- # "-" selects the compiled-in default for that column.
- pickup unix n - - 60 1 pickup
- cleanup unix n - - - 0 cleanup
- qmgr unix n - n 300 1 qmgr
- #qmgr unix n - n 300 1 oqmgr
- tlsmgr unix - - - 1000? 1 tlsmgr
- rewrite unix - - - - - trivial-rewrite
- bounce unix - - - - 0 bounce
- defer unix - - - - 0 bounce
- trace unix - - - - 0 bounce
- verify unix - - - - 1 verify
- flush unix n - - 1000? 0 flush
- proxymap unix - - n - - proxymap
- proxywrite unix - - n - 1 proxymap
- smtp unix - - - - - smtp
- relay unix - - - - - smtp
- # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
- showq unix n - - - - showq
- error unix - - - - - error
- retry unix - - - - - error
- discard unix - - - - - discard
- # local and virtual run unchrooted (chroot column "n") and privileged
- # (unpriv column "n") because they deliver into user-owned locations.
- local unix - n n - - local
- virtual unix - n n - - virtual
- # lmtp is the client main.cf's virtual_transport uses to reach Dovecot.
- lmtp unix - - - - - lmtp
- anvil unix - - - - 1 anvil
- scache unix - - - - 1 scache
- #
- # ====================================================================
- # Interfaces to non-Postfix software. Be sure to examine the manual
- # pages of the non-Postfix software to find out what options it wants.
- #
- # Many of the following services use the Postfix pipe(8) delivery
- # agent. See the pipe(8) man page for information about ${recipient}
- # and other message envelope options.
- # ====================================================================
- #
- # maildrop. See the Postfix MAILDROP_README file for details.
- # Also specify in main.cf: maildrop_destination_recipient_limit=1
- #
- # pipe(8) runs argv directly, without a shell, as the user named in user=.
- # NOTE(review): main.cf delivers virtual mail through lmtp, so this transport
- # looks unused here - presumably removable; confirm no transport map uses it.
- maildrop unix - n n - - pipe
- flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
- #
- # ====================================================================
- #
- # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
- #
- # Specify in cyrus.conf:
- # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
- #
- # Specify in main.cf one or more of the following:
- # mailbox_transport = lmtp:inet:localhost
- # virtual_transport = lmtp:inet:localhost
- #
- # ====================================================================
- #
- # Cyrus 2.1.5 (Amos Gouaux)
- # Also specify in main.cf: cyrus_destination_recipient_limit=1
- #
- #cyrus unix - n n - - pipe
- # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
- #
- # ====================================================================
- # Old example of delivery via Cyrus.
- #
- #old-cyrus unix - n n - - pipe
- # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
- #
- # ====================================================================
- #
- # See the Postfix UUCP_README file for configuration details.
- #
- # Stock pipe(8) transports to non-Postfix software. Each runs an external
- # program as the account in user=; the "flags=" lines are continuations of the
- # service line above them.
- # NOTE(review): nothing else in this listing routes mail to these transports;
- # if they are unused, commenting them out removes delivery paths that would
- # otherwise need the matching accounts and binaries kept safe.
- uucp unix - n n - - pipe
- flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
- #
- # Other external delivery methods.
- #
- ifmail unix - n n - - pipe
- flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
- bsmtp unix - n n - - pipe
- flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
- scalemail-backend unix - n n - 2 pipe
- flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
- mailman unix - n n - - pipe
- flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
- ${nexthop} ${user}
- #!----------------End /etc/postfix/master.cf
- #!----------------/etc/postfix/mysql_relay_domains.cf--
- # Postfix mysql lookup behind relay_domains: domains flagged backupmx = 1.
- hosts = 127.0.0.1
- user = postfixadmin
- # NOTE(review): placeholder credential. Postfix only treats "#" as a comment
- # at the start of a line, so the value read here is the literal "#changeme".
- # This file stores a database password in clear text; keep it readable only
- # by root and the postfix group (for example root:postfix, mode 0640).
- password = #changeme
- dbname = postfixadmin
- # %s is the lookup key; Postfix applies SQL quoting before substituting it.
- query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = 1
- #!----------------End /etc/postfix/mysql_relay_domains.cf--
- #!----------------/etc/postfix/mysql_virtual_alias_maps.cf--
- # Postfix mysql lookup behind virtual_alias_maps: active alias -> goto address.
- hosts = 127.0.0.1
- user = postfixadmin
- # NOTE(review): placeholder, read literally as "#changeme" ("#" is not a
- # comment marker mid-line). Clear-text secret: restrict the file to root and
- # the postfix group.
- password = #changeme
- dbname = postfixadmin
- # %s is the address being looked up, SQL-quoted by Postfix.
- query = SELECT goto FROM alias WHERE address='%s' AND active = 1
- #!----------------End /etc/postfix/mysql_virtual_alias_maps.cf--
- #!----------------/etc/postfix/mysql_virtual_mailbox_domains.cf--
- # Postfix mysql lookup behind virtual_mailbox_domains: active domains that are
- # hosted here (backupmx = 0).
- hosts = 127.0.0.1
- user = postfixadmin
- # NOTE(review): placeholder, read literally as "#changeme" ("#" is not a
- # comment marker mid-line). Clear-text secret: restrict the file to root and
- # the postfix group.
- password = #changeme
- dbname = postfixadmin
- # %s is the domain being looked up, SQL-quoted by Postfix.
- query = SELECT domain FROM domain WHERE domain='%s' and backupmx = 0 and active = 1
- #!----------------End /etc/postfix/mysql_virtual_mailbox_domains.cf--
- #!----------------/etc/postfix/mysql_virtual_mailbox_maps.cf--
- # Postfix mysql lookup behind virtual_mailbox_maps: active mailbox -> maildir.
- hosts = 127.0.0.1
- user = postfixadmin
- # NOTE(review): placeholder, read literally as "#changeme" ("#" is not a
- # comment marker mid-line). Clear-text secret: restrict the file to root and
- # the postfix group.
- password = #changeme
- dbname = postfixadmin
- # %s is the recipient address, SQL-quoted by Postfix.
- query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1
- #!----------------End /etc/postfix/mysql_virtual_mailbox_maps.cf--
- #!----------------Dovecot configuration files:
- #!----------------/etc/dovecot/dovecot.conf
- ## Dovecot configuration file
- # If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration
- # "doveconf -n" command gives a clean output of the changed settings. Use it
- # instead of copy&pasting files when posting to the Dovecot mailing list.
- # '#' character and everything after it is treated as comments. Extra spaces
- # and tabs are ignored. If you want to use either of these explicitly, put the
- # value inside quotes, eg.: key = "# char and trailing whitespace "
- # Most (but not all) settings can be overridden by different protocols and/or
- # source/destination IPs by placing the settings inside sections, for example:
- # protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }
- # Default values are shown for each setting, it's not required to uncomment
- # those. These are exceptions to this though: No sections (e.g. namespace {})
- # or plugin settings are added by default, they're listed only as examples.
- # Paths are also just examples with the real defaults being based on configure
- # options. The paths listed here are for configure --prefix=/usr
- # --sysconfdir=/etc --localstatedir=/var
- # Enable installed protocols
- # Each *.protocol file found here switches a protocol on, so the listening
- # services follow whatever protocol files are present in that directory.
- !include_try /usr/share/dovecot/protocols.d/*.protocol
- # A comma separated list of IPs or hosts where to listen in for connections.
- # "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
- # If you want to specify non-default ports or anything more complex,
- # edit conf.d/master.conf.
- #listen = *, ::
- # Base directory where to store runtime data.
- #base_dir = /var/run/dovecot/
- # Name of this instance. In multi-instance setup doveadm and other commands
- # can use -i <instance_name> to select which instance is used (an alternative
- # to -c <config_path>). The instance name is also added to Dovecot processes
- # in ps output.
- #instance_name = dovecot
- # Greeting message for clients.
- #login_greeting = Dovecot ready.
- # Space separated list of trusted network ranges. Connections from these
- # IPs are allowed to override their IP addresses and ports (for logging and
- # for authentication checks). disable_plaintext_auth is also ignored for
- # these networks. Typically you'd specify your IMAP proxy servers here.
- #login_trusted_networks =
- # Space separated list of login access check sockets (e.g. tcpwrap)
- #login_access_sockets =
- # With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
- # proxying. This isn't necessary normally, but may be useful if the destination
- # IP is e.g. a load balancer's IP.
- #auth_proxy_self =
- # Show more verbose process titles (in ps). Currently shows user name and
- # IP address. Useful for seeing who are actually using the IMAP processes
- # (eg. shared mailboxes or if same uid is used for multiple accounts).
- #verbose_proctitle = no
- # Should all processes be killed when Dovecot master process shuts down.
- # Setting this to "no" means that Dovecot can be upgraded without
- # forcing existing client connections to close (although that could also be
- # a problem if the upgrade is e.g. because of a security fix).
- #shutdown_clients = yes
- # If non-zero, run mail commands via this many connections to doveadm server,
- # instead of running them directly in the same process.
- #doveadm_worker_count = 0
- # UNIX socket or host:port used for connecting to doveadm server
- #doveadm_socket_path = doveadm-server
- # Space separated list of environment variables that are preserved on Dovecot
- # startup and passed down to all of its child processes. You can also give
- # key=value pairs to always set specific settings.
- #import_environment = TZ
- ##
- ## Dictionary server settings
- ##
- # Dictionary can be used to store key=value lists. This is used by several
- # plugins. The dictionary can be accessed either directly or though a
- # dictionary server. The following dict block maps dictionary names to URIs
- # when the server is used. These can then be referenced using URIs in format
- # "proxy::<name>".
- # Empty dict block: both example mappings are commented out, so no dictionary
- # names are mapped here.
- dict {
- #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
- #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
- }
- # Most of the actual configuration gets included below. The filenames are
- # first sorted by their ASCII value and parsed in that order. The 00-prefixes
- # in filenames are intended to make it easier to understand the ordering.
- !include conf.d/*.conf
- # A config file can also tried to be included without giving an error if
- # it's not found:
- # local.conf is read last, so anything it sets overrides conf.d; review it
- # together with the files listed here.
- !include_try local.conf
- #!----------------End /etc/dovecot/dovecot.conf
- #!----------------/etc/dovecot/conf.d/10-auth.conf--
- ##
- ## Authentication processes
- ##
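- # Disable LOGIN command and all other plaintext authentications unless
- # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
- # matches the local IP (ie. you're connecting from the same computer), the
- # connection is considered secure and plaintext authentication is allowed.
- # See also ssl=required setting.
- # Set to "yes": this file only enables the PLAIN and LOGIN mechanisms, which
- # send the password itself, and the imap listener on port 143 does not force
- # TLS. With "no", a client could authenticate before STARTTLS and expose the
- # password on the network.
- disable_plaintext_auth = yes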
- # Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
- # bsdauth, PAM and vpopmail require cache_key to be set for caching to be used.
- #auth_cache_size = 0
- # Time to live for cached data. After TTL expires the cached record is no
- # longer used, *except* if the main database lookup returns internal failure.
- # We also try to handle password changes automatically: If user's previous
- # authentication was successful, but this one wasn't, the cache isn't used.
- # For now this works only with plaintext authentication.
- #auth_cache_ttl = 1 hour
- # TTL for negative hits (user not found, password mismatch).
- # 0 disables caching them completely.
- #auth_cache_negative_ttl = 1 hour
- # Space separated list of realms for SASL authentication mechanisms that need
- # them. You can leave it empty if you don't want to support multiple realms.
- # Many clients simply use the first one listed here, so keep the default realm
- # first.
- #auth_realms =
- # Default realm/domain to use if none was specified. This is used for both
- # SASL realms and appending @domain to username in plaintext logins.
- #auth_default_realm =
- # List of allowed characters in username. If the user-given username contains
- # a character not listed in here, the login automatically fails. This is just
- # an extra check to make sure user can't exploit any potential quote escaping
- # vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
- # set this value to empty.
- #auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
- # Username character translations before it's looked up from databases. The
- # value contains series of from -> to characters. For example "#@/@" means
- # that '#' and '/' characters are translated to '@'.
- #auth_username_translation =
- # Username formatting before it's looked up from databases. You can use
- # the standard variables here, eg. %Lu would lowercase the username, %n would
- # drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
- # "-AT-". This translation is done after auth_username_translation changes.
- #auth_username_format = %Lu
- # If you want to allow master users to log in by specifying the master
- # username within the normal username string (ie. not using SASL mechanism's
- # support for it), you can specify the separator character here. The format
- # is then <username><separator><master username>. UW-IMAP uses "*" as the
- # separator, so that could be a good choice.
- #auth_master_user_separator =
- # Username to use for users logging in with ANONYMOUS SASL mechanism
- #auth_anonymous_username = anonymous
- # Maximum number of dovecot-auth worker processes. They're used to execute
- # blocking passdb and userdb queries (eg. MySQL and PAM). They're
- # automatically created and destroyed as needed.
- #auth_worker_max_count = 30
- # Host name to use in GSSAPI principal names. The default is to use the
- # name returned by gethostname(). Use "$ALL" (with quotes) to allow all keytab
- # entries.
- #auth_gssapi_hostname =
- # Kerberos keytab to use for the GSSAPI mechanism. Will use the system
- # default (usually /etc/krb5.keytab) if not specified. You may need to change
- # the auth service to run as root to be able to read this file.
- #auth_krb5_keytab =
- # Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
- # ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>
- #auth_use_winbind = no
- # Path for Samba's ntlm_auth helper binary.
- #auth_winbind_helper_path = /usr/bin/ntlm_auth
- # Time to delay before replying to failed authentications.
- #auth_failure_delay = 2 secs
- # Require a valid SSL client certificate or the authentication fails.
- #auth_ssl_require_client_cert = no
- # Take the username from client's SSL certificate, using
- # X509_NAME_get_text_by_NID() which returns the subject's DN's
- # CommonName.
- #auth_ssl_username_from_cert = no
- # Space separated list of wanted authentication mechanisms:
- # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
- # gss-spnego
- # NOTE: See also disable_plaintext_auth setting.
- # PLAIN and LOGIN both carry the password itself, so confidentiality depends
- # entirely on TLS being in place before authentication.
- auth_mechanisms = plain login
- ##
- ## Password and user databases
- ##
- #
- # Password database is used to verify user's password (and nothing more).
- # You can have multiple passdbs and userdbs. This is useful if you want to
- # allow both system users (/etc/passwd) and virtual users to login without
- # duplicating the system users into virtual database.
- #
- # <doc/wiki/PasswordDatabase.txt>
- #
- # User database specifies where mails are located and what user/group IDs
- # own them. For single-UID configuration use "static" userdb.
- #
- # <doc/wiki/UserDatabase.txt>
- # Only the SQL passdb/userdb is active; system (PAM/passwd) users cannot log in.
- # NOTE(review): auth-sql.conf.ext itself is not part of this listing - confirm
- # that its args point at the dovecot-mysql.conf.ext file shown further down.
- #!include auth-deny.conf.ext
- #!include auth-master.conf.ext
- #!include auth-system.conf.ext
- !include auth-sql.conf.ext
- #!include auth-ldap.conf.ext
- #!include auth-passwdfile.conf.ext
- #!include auth-checkpassword.conf.ext
- #!include auth-vpopmail.conf.ext
- #!include auth-static.conf.ext
- #!----------------End /etc/dovecot/conf.d/10-auth.conf--
- #!----------------/etc/dovecot/conf.d/10-master.conf--
- #default_process_limit = 100
- #default_client_limit = 1000
- # Default VSZ (virtual memory size) limit for service processes. This is mainly
- # intended to catch and kill processes that leak memory before they eat up
- # everything.
- #default_vsz_limit = 256M
- # Login user is internally used by login processes. This is the most untrusted
- # user in Dovecot system. It shouldn't have access to anything at all.
- #default_login_user = dovenull
- # Internal user is used by unprivileged processes. It should be separate from
- # login user, so that login processes can't disturb other processes.
- #default_internal_user = dovecot
- # IMAP login service: port 143 (TLS only via STARTTLS) and port 993 (TLS from
- # the first byte). Whether 143 accepts a login without TLS is decided by the
- # ssl and disable_plaintext_auth settings, not here.
- service imap-login {
- inet_listener imap {
- port = 143
- }
- inet_listener imaps {
- port = 993
- ssl = yes
- }
- # Number of connections to handle before starting a new process. Typically
- # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
- # is faster. <doc/wiki/LoginProcess.txt>
- # 1 = a fresh login process per connection, the isolating choice.
- service_count = 1
- # Number of processes to always keep waiting for more connections.
- process_min_avail = 0
- # If you set service_count=0, you probably need to grow this.
- vsz_limit = $default_vsz_limit
- }
- # POP3 login service with every setting left at its default.
- # NOTE(review): commenting out "port" does not disable a listener; if POP3 is
- # not wanted, make sure the pop3 protocol is not enabled at all - confirm
- # against the protocols actually loaded.
- service pop3-login {
- inet_listener pop3 {
- #port = 110
- }
- inet_listener pop3s {
- #port = 995
- #ssl = yes
- }
- }
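- # LMTP delivery socket placed inside the Postfix queue directory so the
- # Postfix lmtp client (virtual_transport in main.cf) can reach it.
- service lmtp {
-   unix_listener /var/spool/postfix/private/dovecot-lmtp {
-     # Was 0666. The socket is already owned by postfix:postfix, so 0600 is
-     # enough for Postfix and stops every other local account from injecting
-     # mail straight into mailboxes, bypassing the milters and restrictions.
-     mode = 0600
-     user = postfix
-     group = postfix
-   }
-   # Create inet listener only if you can't use the above UNIX socket
-   #inet_listener lmtp {
-   # Avoid making LMTP visible for the entire internet
-   #address =
-   #port =
-   #}
- }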
- # Post-login IMAP service; both limits are left at their defaults.
- service imap {
- # Most of the memory goes to mmap()ing files. You may need to increase this
- # limit if you have huge mailboxes.
- #vsz_limit = $default_vsz_limit
- # Max. number of IMAP processes (connections)
- #process_limit = 1024
- }
- # Post-login POP3 service; process limit left at its default.
- service pop3 {
- # Max. number of POP3 processes (connections)
- #process_limit = 1024
- }
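- # Authentication service: the auth-userdb socket for Dovecot's own tools and
- # the SASL socket that Postfix smtpd uses (smtpd_sasl_path = private/auth).
- service auth {
-   # auth_socket_path points to this userdb socket by default. It's typically
-   # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
-   # full permissions to this socket are able to get a list of all usernames and
-   # get the results of everyone's userdb lookups.
-   #
-   # The default 0666 mode allows anyone to connect to the socket, but the
-   # userdb lookups will succeed only if the userdb returns an "uid" field that
-   # matches the caller process's UID. Also if caller's uid or gid matches the
-   # socket's uid or gid the lookup succeeds. Anything else causes a failure.
-   #
-   # To give the caller full permissions to lookup all users, set the mode to
-   # something else than 0666 and Dovecot lets the kernel enforce the
-   # permissions (e.g. 0777 allows everyone full permissions).
-   unix_listener auth-userdb {
-     #mode = 0666
-     #user =
-     #group =
-   }
-   # Postfix smtp-auth
-   unix_listener /var/spool/postfix/private/auth {
-     # Was 0666 with no owner set. Only Postfix needs this socket; giving it to
-     # postfix:postfix with 0660 keeps other local accounts from using it to
-     # test passwords against the user database.
-     mode = 0660
-     user = postfix
-     group = postfix
-   }
-   # Auth process is run as this user.
-   #user = $default_internal_user
- }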
- # Worker processes that run the blocking passdb/userdb lookups.
- service auth-worker {
- # Auth worker process is run as root by default, so that it can access
- # /etc/shadow. If this isn't necessary, the user should be changed to
- # $default_internal_user.
- # NOTE(review): 10-auth.conf enables only the SQL include, so /etc/shadow
- # access looks unnecessary here; presumably "user = $default_internal_user"
- # would work - confirm the SQL config file is readable by that user first.
- #user = root
- }
- # Dict proxy service; the listener keeps its default mode and ownership.
- service dict {
- # If dict proxy is used, mail processes should have access to its socket.
- # For example: mode=0660, group=vmail and global mail_access_groups=vmail
- unix_listener dict {
- #mode = 0600
- #user =
- #group =
- }
- }
- #!----------------End /etc/dovecot/conf.d/10-master.conf--
- #!----------------/etc/dovecot/conf.d/10-ssl.conf--
- ##
- ## SSL settings
- ##
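- # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
- # "required" instead of "yes": with "yes" TLS is merely offered, so a client
- # (or anyone able to strip STARTTLS from the session) can carry on in clear
- # text. "required" refuses authentication until TLS is active.
- ssl = required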
- # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
- # dropping root privileges, so keep the key file unreadable by anyone but
- # root. Included doc/mkcert.sh can be used to easily generate self-signed
- # certificate, just make sure to update the domains in dovecot-openssl.cnf
- # NOTE(review): ssl-cert-snakeoil is the self-signed certificate created at
- # package install time. Mail clients cannot validate it, which trains users
- # to click through certificate warnings; replace it with a certificate
- # issued for the server's real host name.
- ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
- ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key
- # If key file is password protected, give the password here. Alternatively
- # give it when starting dovecot with -p parameter. Since this file is often
- # world-readable, you may want to place this setting instead to a different
- # root owned 0600 file by using ssl_key_password = <path.
- #ssl_key_password =
- # PEM encoded trusted certificate authority. Set this only if you intend to use
- # ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
- # followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
- #ssl_ca =
- # Require that CRL check succeeds for client certificates.
- #ssl_require_crl = yes
- # Directory and/or file for trusted SSL CA certificates. These are used only
- # when Dovecot needs to act as an SSL client (e.g. imapc backend). The
- # directory is usually /etc/ssl/certs in Debian-based systems and the file is
- # /etc/pki/tls/cert.pem in RedHat-based systems.
- #ssl_client_ca_dir =
- #ssl_client_ca_file =
- # Request client to send a certificate. If you also want to require it, set
- # auth_ssl_require_client_cert=yes in auth section.
- #ssl_verify_client_cert = no
- # Which field from certificate to use for username. commonName and
- # x500UniqueIdentifier are the usual choices. You'll also need to set
- # auth_ssl_username_from_cert=yes.
- #ssl_cert_username_field = commonName
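- # Protocol hardening. The shipped defaults (left commented out in the original
- # file) were 1024-bit DH parameters and "!SSLv2", which still allows SSLv3.
- # The setting names below are the ones this file already uses; later Dovecot
- # releases replace them (ssl_dh, ssl_min_protocol), so adjust after an upgrade.
- # DH parameters length to use.
- ssl_dh_parameters_length = 2048
- # SSL protocols to use
- ssl_protocols = !SSLv2 !SSLv3
- # SSL ciphers to use
- #ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
- # Prefer the server's order of ciphers over client's.
- ssl_prefer_server_ciphers = yes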
- # SSL crypto device to use, for valid values run "openssl engine"
- #ssl_crypto_device =
- #!----------------End /etc/dovecot/conf.d/10-ssl.conf--
- #!----------------/etc/dovecot/dovecot-mysql.conf.ext--
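- # Dovecot SQL passdb/userdb settings against the postfixadmin database.
- driver = mysql
- # NOTE(review): clear-text database password, and a trivially guessable one;
- # it also differs from the placeholder used for the same account in the
- # Postfix mysql_*.cf files. Use one strong password for this account and keep
- # this file root-owned with mode 0600.
- connect = host=127.0.0.1 dbname=postfixadmin user=postfixadmin password=root
- # NOTE(review): MD5-CRYPT is a weak password-hash scheme. It is left unchanged
- # because switching the default alone would stop existing hashes from
- # verifying; plan a migration to a stronger scheme instead.
- default_pass_scheme = MD5-CRYPT
- # "AND active = 1" added to both queries so they match the Postfix mailbox
- # lookup: without it a deactivated mailbox could still authenticate for IMAP
- # and for SMTP AUTH (Postfix delegates SASL to Dovecot).
- user_query = SELECT '/home/vmail/%d/%n' AS home, 3000 AS uid, 3000 AS gid FROM mailbox WHERE username = '%u' AND active = 1
- password_query = SELECT password FROM mailbox WHERE username = '%u' AND active = 1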
- #!----------------End /etc/dovecot/dovecot-mysql.conf.ext--
- #!----------------Postgrey configuration files:
- #!----------------/etc/default/postgrey--
- bash: cd: /etc/default/postgrey: Not a directory
- root@DemoMail:/etc/postgrey# cd /etc/default/
- root@DemoMail:/etc/default# cat postgrey
- # postgrey startup options, created for Debian
- # you may want to set
- # --delay=N how long to greylist, seconds (default: 300)
- # --max-age=N delete old entries after N days (default: 35)
- # see also the postgrey(8) manpage
- POSTGREY_OPTS="--unix=/var/spool/postfix/postgrey/socket --delay=60"
- # the --greylist-text commandline argument can not be easily passed through
- # POSTGREY_OPTS when it contains spaces. So, insert your text here:
- #POSTGREY_TEXT="Your customized rejection message here"
- #!----------------End /etc/default/postgrey--
- #!----------------Spamassassin configuration files
- #!----------------/etc/default/spamassassin--
- # Duncan Findlay
- # WARNING: please read README.spamd before using.
- # There may be security risks.
- # If you're using systemd (default for jessie), the ENABLED setting is
- # not used. Instead, enable spamd by issuing:
- # systemctl enable spamassassin.service
- # Change to "1" to enable spamd on systems using sysvinit:
- ENABLED=1
- # Options
- # See man spamd for possible options. The -d option is automatically added.
- # SpamAssassin uses a preforking model, so be careful! You need to
- # make sure --max-children is not set to anything higher than 5,
- # unless you know what you're doing.
- OPTIONS="--create-prefs --max-children 5 --helper-home-dir=/var/lig/spamassassin -u spamd -g spamd"
- # Pid file
- # Where should spamd write its PID to file? If you use the -u or
- # --username option above, this needs to be writable by that user.
- # Otherwise, the init script will not be able to shut spamd down.
- PIDFILE="/var/run/spamd.pid"
- # Set nice level of spamd
- #NICE="--nicelevel 15"
- # Cronjob
- # Set to anything but 0 to enable the cron job to automatically update
- # spamassassin's rules on a nightly basis
- CRON=1
- #!----------------End /etc/default/spamassassin--
- #!----------------/etc/default/spamass-milter--
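- # spamass-milt startup defaults
- # OPTIONS are passed directly to spamass-milter.
- # man spamass-milter for details
- # Non-standard configuration notes:
- # See README.Debian if you use the -x option with sendmail
- # You should not pass the -d option in OPTIONS; use SOCKET for that.
- #
- # This file is sourced as shell. Each later assignment must extend
- # ${OPTIONS}: written as plain OPTIONS="..." the last line won and the milter
- # started with "-m" only, losing the -u, -i and -r settings.
- #
- # Default, use the spamass-milter user as the default user, ignore
- # messages from localhost
- OPTIONS="-u spamass-milter -i 127.0.0.1"
- # Reject mail during the SMTP session. -r takes a score threshold; -1 means
- # "reject whatever SpamAssassin itself flags as spam", i.e. required_score in
- # local.cf decides.
- OPTIONS="${OPTIONS} -r -1"
- # Do not modify Subject:, Content-Type: or body.
- OPTIONS="${OPTIONS} -m"
- ######################################
- # If /usr/sbin/postfix is executable, the following are set by
- # default. You can override them by uncommenting and changing them
- # here.
- ######################################
- # Socket inside the Postfix queue directory (main.cf: unix:spamass/spamass.sock),
- # reachable only by the spamass-milter user and the postfix group.
- SOCKET="/var/spool/postfix/spamass/spamass.sock"
- SOCKETOWNER="spamass-milter:postfix"
- SOCKETMODE="0660"
- ######################################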
- #!----------------End /etc/default/spamass-milter--
- #!----------------/etc/spamassassin/local.cf--
- # This is the right place to customize your installation of SpamAssassin.
- #
- # See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
- # tweaked.
- #
- # Only a small subset of options are listed below
- #
- ###########################################################################
- # Add *****SPAM***** to the Subject header of spam e-mails
- #
- # NOTE(review): the spamass-milter defaults in this listing pass -m ("do not
- # modify Subject:, Content-Type: or body"), so this rewrite and report_safe
- # presumably have no effect on mail scanned through the milter - confirm.
- rewrite_header Subject *****SPAM*****
- # Save spam messages as a message/rfc822 MIME attachment instead of
- # modifying the original message (0: off, 2: use text/plain instead)
- #
- report_safe 1
- # Set which networks or hosts are considered 'trusted' by your mail
- # server (i.e. not spammers)
- #
- # trusted_networks 212.17.35.
- # Set file-locking method (flock is not safe over NFS, but is faster)
- #
- # lock_method flock
- # Set the threshold at which a message is considered spam (default: 5.0)
- #
- required_score 5.0
- # Use Bayesian classifier (default: 1)
- #
- use_bayes 1
- # Bayesian classifier auto-learning (default: 1)
- #
- bayes_auto_learn 1
- # Set headers which may provide inappropriate cues to the Bayesian
- # classifier
- #
- # bayes_ignore_header X-Bogosity
- # bayes_ignore_header X-Spam-Flag
- # bayes_ignore_header X-Spam-Status
- # Some shortcircuiting, if the plugin is enabled
- #
- # Every rule inside this block is commented out, so the block currently
- # changes nothing even when the plugin is loaded.
- ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
- #
- # default: strongly-whitelisted mails are *really* whitelisted now, if the
- # shortcircuiting plugin is active, causing early exit to save CPU load.
- # Uncomment to turn this on
- #
- # shortcircuit USER_IN_WHITELIST on
- # shortcircuit USER_IN_DEF_WHITELIST on
- # shortcircuit USER_IN_ALL_SPAM_TO on
- # shortcircuit SUBJECT_IN_WHITELIST on
- # the opposite; blacklisted mails can also save CPU
- #
- # shortcircuit USER_IN_BLACKLIST on
- # shortcircuit USER_IN_BLACKLIST_TO on
- # shortcircuit SUBJECT_IN_BLACKLIST on
- # if you have taken the time to correctly specify your "trusted_networks",
- # this is another good way to save CPU
- #
- # shortcircuit ALL_TRUSTED on
- # and a well-trained bayes DB can save running rules, too
- #
- # shortcircuit BAYES_99 spam
- # shortcircuit BAYES_00 ham
- endif # Mail::SpamAssassin::Plugin::Shortcircuit
- #!----------------End /etc/spamassassin/local.cf--
- #!----------------/etc/spamassassin/spamc.conf--
- # Default command-line options for spamc, one per line.
- # NOTE(review): -U names the UNIX socket spamc uses to reach spamd. This path
- # is spelled "spamsass.sock", whereas the milter socket elsewhere in this
- # listing is "spamass.sock", and that socket belongs to spamass-milter rather
- # than spamd. The spamd OPTIONS shown set no socket path at all, so this line
- # presumably points at nothing - confirm where spamd actually listens.
- -U /var/spool/postfix/spamass/spamsass.sock
- -u spamass-milter
- -s 350000
- #!----------------End /etc/spamassassin/spamc.conf--
- #!----------------Clamav configuration files:
- #!----------------/etc/clamav/clamd.conf--
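- #Automatically Generated by clamav-daemon postinst
- #To reconfigure clamd run #dpkg-reconfigure clamav-daemon
- #Please read /usr/share/doc/clamav-daemon/README.Debian.gz for details
- LocalSocket /var/run/clamav/clamd.ctl
- FixStaleSocket true
- LocalSocketGroup clamav
- # Was 666. A world-writable control socket lets any local account send clamd
- # commands, including ones that stop the daemon. The only client in this
- # setup, clamav-milter, runs as user clamav, so owner/group access is enough.
- # Re-widen only if another local scanner client really needs it.
- LocalSocketMode 660
- # TemporaryDirectory is not set to its default /tmp here to make overriding
- # the default with environment variables TMPDIR/TMP/TEMP possible
- User clamav
- AllowSupplementaryGroups false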
- # Scan engine, limits and logging for clamd (one "Option value" pair per line).
- ScanMail true
- ScanArchive true
- # NOTE(review): encrypted archives cannot be inspected; with "false" they are
- # passed as clean rather than flagged.
- ArchiveBlockEncrypted false
- MaxDirectoryRecursion 15
- FollowDirectorySymlinks false
- FollowFileSymlinks false
- ReadTimeout 180
- MaxThreads 12
- MaxConnectionQueueLength 15
- # Detections are written only to the local LogFile below; forward that file
- # if mail-borne malware should reach central monitoring.
- LogSyslog false
- LogRotate true
- LogFacility LOG_LOCAL6
- LogClean false
- LogVerbose false
- DatabaseDirectory /var/lib/clamav
- # "false" also loads third-party signature databases found in DatabaseDirectory.
- OfficialDatabaseOnly false
- SelfCheck 3600
- Foreground false
- Debug false
- ScanPE true
- MaxEmbeddedPE 10M
- ScanOLE2 true
- ScanPDF true
- ScanHTML true
- MaxHTMLNormalize 10M
- MaxHTMLNoTags 2M
- MaxScriptNormalize 5M
- MaxZipTypeRcg 1M
- ScanSWF true
- DetectBrokenExecutables false
- ExitOnOOM false
- LeaveTemporaryFiles false
- AlgorithmicDetection true
- ScanELF true
- IdleTimeout 30
- CrossFilesystems true
- PhishingSignatures true
- PhishingScanURLs true
- PhishingAlwaysBlockSSLMismatch false
- PhishingAlwaysBlockCloak false
- PartitionIntersection false
- DetectPUA false
- ScanPartialMessages false
- HeuristicScanPrecedence false
- StructuredDataDetection false
- CommandReadTimeout 5
- SendBufTimeout 200
- MaxQueue 100
- ExtendedDetectionInfo true
- # NOTE(review): Office documents carrying macros are not blocked as such;
- # they are caught only when a signature matches.
- OLE2BlockMacros false
- ScanOnAccess false
- AllowAllMatchScan true
- ForceToDisk false
- DisableCertCheck false
- DisableCache false
- MaxScanSize 100M
- MaxFileSize 25M
- MaxRecursion 10
- MaxFiles 10000
- MaxPartitions 50
- MaxIconsPE 100
- StatsEnabled false
- StatsPEDisabled true
- StatsHostID auto
- StatsTimeout 10
- # 25M is above Postfix's message_size_limit (10240000 bytes), so a message
- # Postfix accepts is never cut short before scanning.
- StreamMaxLength 25M
- LogFile /var/log/clamav/clamav.log
- LogTime true
- LogFileUnlock false
- # 0 = no size cap on the log file; rely on LogRotate / logrotate.
- LogFileMaxSize 0
- Bytecode true
- BytecodeSecurity TrustSigned
- BytecodeTimeout 60000
- #!----------------End /etc/clamav/clamd.conf--
- #!----------------/etc/clamav/clamav-milter.conf--
- #Automatically Generated by clamav-milter postinst
- #To reconfigure clamav-milter run #dpkg-reconfigure clamav-milter
- #Please read /usr/share/doc/clamav-base/README.Debian.gz for details
- # Milter socket inside the Postfix queue directory (main.cf refers to it as
- # unix:clamav/clamav-milter.ctl).
- MilterSocket /var/spool/postfix/clamav/clamav-milter.ctl
- FixStaleSocket true
- User clamav
- AllowSupplementaryGroups true
- ReadTimeout 120
- Foreground false
- PidFile /var/run/clamav/clamav-milter.pid
- ClamdSocket unix:/var/run/clamav/clamd.ctl
- OnClean Accept
- OnInfected Reject
- # Defer on scanner failure. This covers a running milter whose clamd backend
- # fails; when the milter itself is unreachable, Postfix's
- # milter_default_action decides instead.
- OnFail Defer
- AddHeader Replace
- LogSyslog false
- LogFacility LOG_LOCAL6
- LogVerbose false
- # NOTE(review): with LogInfected Off, rejected infections leave no entry in
- # the milter log; enabling it gives incident response a record of what was
- # blocked.
- LogInfected Off
- LogClean Off
- LogRotate true
- MaxFileSize 25M
- SupportMultipleRecipients false
- RejectMsg Rejected: %v found
- TemporaryDirectory /tmp
- LogFile /var/log/clamav/clamav-milter.log
- LogTime true
- LogFileUnlock false
- LogFileMaxSize 0
- # NOTE(review): the socket is group clamav, mode 660. Postfix smtpd must be
- # able to open it, so presumably the postfix user is a member of the clamav
- # group (or the group should be postfix) - confirm, otherwise the milter is
- # unreachable and milter_default_action applies to every message.
- MilterSocketGroup clamav
- MilterSocketMode 660
- #!----------------End /etc/clamav/clamav-milter.conf--