job/mailserver-config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

initial commit

Browse source
This commit is contained in:
job 2024-05-23 20:18:17 +00:00
commit a60b5affa8
22 changed files with 2923 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

51
opendkim.conf Normal file
View file

@ -0,0 +1,51 @@
# This is a basic configuration for signing and verifying. It can easily be
# adapted to suit a basic installation. See opendkim.conf(5) and
# /usr/share/doc/opendkim/examples/opendkim.conf.sample for complete
# documentation of available configuration parameters.
Syslog yes
SyslogSuccess yes
#LogWhy no
# Common signing and verification parameters. In Debian, the "From" header is
# oversigned, because it is often the identity key used by reputation systems
# and thus somewhat security sensitive.
Canonicalization relaxed/simple
#Mode sv
#SubDomains no
OversignHeaders From
# Signing domain, selector, and key (required). For example, perform signing
# for domain "example.com" with selector "2020" (2020._domainkey.example.com),
# using the private key stored in /etc/dkimkeys/example.private. More granular
# setup options can be found in /usr/share/doc/opendkim/README.opendkim.
Domain toetersnoet.nl,jobvdvalk.nl,toetersnoet.online,jobvdvalk.com
Selector 2021
KeyFile /etc/dkimkeys/2021.private
# In Debian, opendkim runs as user "opendkim". A umask of 007 is required when
# using a local socket with MTAs that access the socket as a non-privileged
# user (for example, Postfix). You may need to add user "postfix" to group
# "opendkim" in that case.
UserID opendkim
UMask 007
# Socket for the MTA connection (required). If the MTA is inside a chroot jail,
# it must be ensured that the socket is accessible. In Debian, Postfix runs in
# a chroot in /var/spool/postfix, therefore a Unix socket would have to be
# configured as shown on the last line below.
Socket local:/run/opendkim/opendkim.sock
Socket inet:8891@localhost
#Socket inet:8891
#Socket local:/var/spool/postfix/opendkim/opendkim.sock
PidFile /run/opendkim/opendkim.pid
# Hosts for which to sign rather than verify, default is 127.0.0.1. See the
# OPERATION section of opendkim(8) for more information.
#InternalHosts 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
# The trust anchor enables DNSSEC. In Debian, the trust anchor file is provided
# by the package dns-root-data.
TrustAnchorFile /usr/share/dns/root.key
#Nameservers 127.0.0.1

119
opendmarc.conf Normal file
View file

@ -0,0 +1,119 @@
# This is a basic configuration that can easily be adapted to suit a standard
# installation. For more advanced options, see openmarc.conf(5) and/or
# /usr/share/doc/opendmarc/examples/opendmarc.conf.sample.
## AuthservID (string)
## defaults to MTA name
##
## Sets the "authserv-id" to use when generating the Authentication-Results:
## header field after verifying a message. If the string "HOSTNAME" is
## provided, the name of the host running the filter (as returned by the
## gethostname(3) function) will be used.
#
AuthservID OpenDMARC
TrustedAuthservIDs mail.toetersnoet.nl
## FailureReports { true | false }
## default "false"
##
## Enables generation of failure reports when the DMARC test fails and the
## purported sender of the message has requested such reports. Reports are
## formatted per RFC6591.
#
# FailureReports false
## PidFile path
## default (none)
##
## Specifies the path to a file that should be created at process start
## containing the process ID.
#
PidFile /run/opendmarc/opendmarc.pid
## PublicSuffixList path
## default (none)
##
## Specifies the path to a file that contains top-level domains (TLDs) that
## will be used to compute the Organizational Domain for a given domain name,
## as described in the DMARC specification. If not provided, the filter will
## not be able to determine the Organizational Domain and only the presented
## domain will be evaluated.
#
PublicSuffixList /usr/share/publicsuffix/public_suffix_list.dat
## RejectFailures { true | false }
## default "false"
##
## If set, messages will be rejected if they fail the DMARC evaluation, or
## temp-failed if evaluation could not be completed. By default, no message
## will be rejected or temp-failed regardless of the outcome of the DMARC
## evaluation of the message. Instead, an Authentication-Results header
## field will be added.
#
RejectFailures true
## Socket socketspec
## default (none)
##
## Specifies the socket that should be established by the filter to receive
## connections from sendmail(8) in order to provide service. socketspec is
## in one of two forms: local:path, which creates a UNIX domain socket at
## the specified path, or inet:port[@host] or inet6:port[@host] which creates
## a TCP socket on the specified port for the appropriate protocol family.
## If the host is not given as either a hostname or an IP address, the
## socket will be listening on all interfaces. This option is mandatory
## either in the configuration file or on the command line. If an IP
## address is used, it must be enclosed in square brackets.
#
Socket local:/var/spool/postfix/opendmarc/opendmarc.sock
## Syslog { true | false }
## default "false"
##
## Log via calls to syslog(3) any interesting activity.
#
Syslog true
## SyslogFacility facility-name
## default "mail"
##
## Log via calls to syslog(3) using the named facility. The facility names
## are the same as the ones allowed in syslog.conf(5).
#
# SyslogFacility mail
## TrustedAuthservIDs string
## default HOSTNAME
##
## Specifies one or more "authserv-id" values to trust as relaying true
## upstream DKIM and SPF results. The default is to use the name of
## the MTA processing the message. To specify a list, separate each entry
## with a comma. The key word "HOSTNAME" will be replaced by the name of
## the host running the filter as reported by the gethostname(3) function.
#
# TrustedAuthservIDs HOSTNAME
## UMask mask
## default (none)
##
## Requests a specific permissions mask to be used for file creation. This
## only really applies to creation of the socket when Socket specifies a
## UNIX domain socket, and to the HistoryFile and PidFile (if any); temporary
## files are normally created by the mkstemp(3) function that enforces a
## specific file mode on creation regardless of the process umask. See
## umask(2) for more information.
#
UMask 0002
## UserID user[:group]
## default (none)
##
## Attempts to become the specified userid before starting operations.
## The process will be assigned all of the groups and primary group ID of
## the named userid unless an alternate group is specified.
#
UserID opendmarc
IgnoreAuthenticatedClients true
RequiredHeaders true
SPFSelfValidate true

13
postfix-policyd-spf-python/policyd-spf.conf Normal file
View file

@ -0,0 +1,13 @@
# For a fully commented sample config file see policyd-spf.conf.commented
debugLevel = 1
TestOnly = 1
HELO_reject = Fail
Mail_From_reject = Fail
PermError_reject = False
TempError_Defer = False
skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1

2
postfix/dynamicmaps.cf Normal file
View file

@ -0,0 +1,2 @@
# dict-type so-name (pathname) dict-function mkmap-function
mysql postfix-mysql.so dict_mysql_open

94
postfix/main.cf Normal file
View file

@ -0,0 +1,94 @@
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
# fresh installs.
compatibility_level = 3.6
# TLS parameters
smtpd_tls_loglevel = 0
smtpd_tls_cert_file=/etc/letsencrypt/live/mail.toetersnoet.nl/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.toetersnoet.nl/privkey.pem
smtpd_tls_security_level=encrypt
#smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = toetersnoet.nl
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost.localdomain, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
#spf
policy-spf_time = 3600s
smtpd_recipient_restrictions = permit_sasl_authenticated reject_unauth_destination permit_mynetworks check_policy_service unix:private/policy-spf
#dkim/dmarc
milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:localhost:8891,local:opendmarc/opendmarc.sock
non_smtpd_milters = $smtpd_milters
#imap
home_mailbox = Maildir/
mailbox_command =
#virtual mail file settings
virtual_mailbox_base = /var/mail
#virtual_mailbox_maps = hash:/etc/postfix/vmailbox
#virtual_alias_maps = hash:/etc/postfix/virtual
#virtual_mailbox_domains = toetersnoet.nl
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
#virtual mail settings
virtual_mailbox_domains = mysql:/etc/postfix/virtual-mailbox-domains.conf
virtual_mailbox_maps = mysql:/etc/postfix/virtual-mailbox-users.conf
virtual_alias_maps = mysql:/etc/postfix/virtual-alias-maps.conf
sender_canonical_maps = mysql:/etc/postfix/virtual-canonical-maps.conf
#dovecot
#virtual_transport = dovecot
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
#smtpd_sender_login_maps = mysql:/etc/postfix/virtual-mailbox-users.conf
#smtpd_sender_restrictions = permit_sasl_authenticated
#snmp monitoring
maillog_file=/var/log/maillog

693
postfix/main.cf.proto Normal file
View file

@ -0,0 +1,693 @@
# Global Postfix configuration file. This file lists only a subset
# of all parameters. For the syntax, and for a complete parameter
# list, see the postconf(5) manual page (command: "man 5 postconf").
#
# TIP: use the command "postconf -n" to view main.cf parameter
# settings, "postconf parametername" to view a specific parameter,
# and "postconf 'parametername=value'" to set a specific parameter.
#
# For common configuration examples, see BASIC_CONFIGURATION_README
# and STANDARD_CONFIGURATION_README. To find these documents, use
# the command "postconf html_directory readme_directory", or go to
# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc.
#
# For best results, change no more than 2-3 parameters at a time,
# and test if Postfix still works after every change.
# COMPATIBILITY
#
# The compatibility_level determines what default settings Postfix
# will use for main.cf and master.cf settings. These defaults will
# change over time.
#
# To avoid breaking things, Postfix will use backwards-compatible
# default settings and log where it uses those old backwards-compatible
# default settings, until the system administrator has determined
# if any backwards-compatible default settings need to be made
# permanent in main.cf or master.cf.
#
# When this review is complete, update the compatibility_level setting
# below as recommended in the RELEASE_NOTES file.
#
# The level below is what should be used with new (not upgrade) installs.
#
compatibility_level = 3.7
# SOFT BOUNCE
#
# The soft_bounce parameter provides a limited safety net for
# testing. When soft_bounce is enabled, mail will remain queued that
# would otherwise bounce. This parameter disables locally-generated
# bounces, and prevents the SMTP server from rejecting mail permanently
# (by changing 5xx replies into 4xx replies). However, soft_bounce
# is no cure for address rewriting mistakes or mail routing mistakes.
#
#soft_bounce = no
# LOCAL PATHNAME INFORMATION
#
# The queue_directory specifies the location of the Postfix queue.
# This is also the root directory of Postfix daemons that run chrooted.
# See the files in examples/chroot-setup for setting up Postfix chroot
# environments on different UNIX systems.
#
#queue_directory = /var/spool/postfix
# The command_directory parameter specifies the location of all
# postXXX commands.
#
command_directory = /usr/sbin
# The daemon_directory parameter specifies the location of all Postfix
# daemon programs (i.e. programs listed in the master.cf file). This
# directory must be owned by root.
#
daemon_directory = /usr/lib/postfix/sbin
# The data_directory parameter specifies the location of Postfix-writable
# data files (caches, random numbers). This directory must be owned
# by the mail_owner account (see below).
#
data_directory = /var/lib/postfix
# QUEUE AND PROCESS OWNERSHIP
#
# The mail_owner parameter specifies the owner of the Postfix queue
# and of most Postfix daemon processes. Specify the name of a user
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
# USER.
#
#mail_owner = postfix
# The default_privs parameter specifies the default rights used by
# the local delivery agent for delivery to external file or command.
# These rights are used in the absence of a recipient user context.
# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
#
#default_privs = nobody
# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
#mydomain = domain.tld
# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites. If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
# Debian GNU/Linux specific: Specifying a file name will cause the
# first line of that file to be used as the name. The Debian default
# is /etc/mailname.
#
#myorigin = /etc/mailname
#myorigin = $myhostname
#myorigin = $mydomain
# RECEIVING MAIL
# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on. By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
#
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
#
# Note: you need to stop/start Postfix when this parameter changes.
#
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
# The proxy_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on by way of a
# proxy or network address translation unit. This setting extends
# the address list specified with the inet_interfaces parameter.
#
# You must specify your proxy/NAT addresses when your system is a
# backup MX host for other domains, otherwise mail delivery loops
# will happen when the primary MX host is down.
#
#proxy_interfaces =
#proxy_interfaces = 1.2.3.4
# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for.
#
# These domains are routed to the delivery agent specified with the
# local_transport parameter setting. By default, that is the UNIX
# compatible delivery agent that lookups all recipients in /etc/passwd
# and /etc/aliases or their equivalent.
#
# The default is $myhostname + localhost.$mydomain + localhost. On
# a mail domain gateway, you should also include $mydomain.
#
# Do not specify the names of virtual domains - those domains are
# specified elsewhere (see VIRTUAL_README).
#
# Do not specify the names of domains that this machine is backup MX
# host for. Specify those names via the relay_domains settings for
# the SMTP server, or use permit_mx_backup if you are lazy (see
# STANDARD_CONFIGURATION_README).
#
# The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system
# receives mail on (see the inet_interfaces parameter).
#
# Specify a list of host or domain names, /file/name or type:table
# patterns, separated by commas and/or whitespace. A /file/name
# pattern is replaced by its contents; a type:table is matched when
# a name matches a lookup key (the right-hand side is ignored).
# Continue long lines by starting the next line with whitespace.
#
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#
#mydestination = $myhostname, localhost.$mydomain, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
# mail.$mydomain, www.$mydomain, ftp.$mydomain
# REJECTING MAIL FOR UNKNOWN LOCAL USERS
#
# The local_recipient_maps parameter specifies optional lookup tables
# with all names or addresses of users that are local with respect
# to $mydestination, $inet_interfaces or $proxy_interfaces.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown local users. This parameter is defined by default.
#
# To turn off local recipient checking in the SMTP server, specify
# local_recipient_maps = (i.e. empty).
#
# The default setting assumes that you use the default Postfix local
# delivery agent for local delivery. You need to update the
# local_recipient_maps setting if:
#
# - You define $mydestination domain recipients in files other than
# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
# For example, you define $mydestination domain recipients in
# the $virtual_mailbox_maps files.
#
# - You redefine the local delivery agent in master.cf.
#
# - You redefine the "local_transport" setting in main.cf.
#
# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
# feature of the Postfix local delivery agent (see local(8)).
#
# Details are described in the LOCAL_RECIPIENT_README file.
#
# Beware: if the Postfix SMTP server runs chrooted, you probably have
# to access the passwd file via the proxymap service, in order to
# overcome chroot restrictions. The alternative, having a copy of
# the system passwd file in the chroot jail is just not practical.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify a bare username, an @domain.tld
# wild-card, or specify a user@domain.tld address.
#
#local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =
# The unknown_local_recipient_reject_code specifies the SMTP server
# response code when a recipient domain matches $mydestination or
# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
# and the recipient address or address local-part is not found.
#
# The default setting is 550 (reject mail) but it is safer to start
# with 450 (try again later) until you are certain that your
# local_recipient_maps settings are OK.
#
unknown_local_recipient_reject_code = 550
# TRUST AND RELAY CONTROL
# The mynetworks parameter specifies the list of "trusted" SMTP
# clients that have more privileges than "strangers".
#
# In particular, "trusted" SMTP clients are allowed to relay mail
# through Postfix. See the smtpd_recipient_restrictions parameter
# in postconf(5).
#
# You can specify the list of "trusted" network addresses by hand
# or you can let Postfix do it for you (which is the default).
#
# By default (mynetworks_style = host), Postfix "trusts" only
# the local machine.
#
# Specify "mynetworks_style = subnet" when Postfix should "trust"
# SMTP clients in the same IP subnetworks as the local machine.
# On Linux, this works correctly only with interfaces specified
# with the "ifconfig" or "ip" command.
#
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
# clients in the same IP class A/B/C networks as the local machine.
# Don't do this with a dialup site - it would cause Postfix to "trust"
# your entire provider's network. Instead, specify an explicit
# mynetworks list by hand, as described below.
#
# Specify "mynetworks_style = host" when Postfix should "trust"
# only the local machine.
#
#mynetworks_style = class
#mynetworks_style = subnet
#mynetworks_style = host
# Alternatively, you can specify the mynetworks list by hand, in
# which case Postfix ignores the mynetworks_style setting.
#
# Specify an explicit list of network/netmask patterns, where the
# mask specifies the number of bits in the network part of a host
# address.
#
# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here. Specify type:table for table-based lookups
# (the value on the table right-hand side is not used).
#
#mynetworks = 168.100.3.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
mynetworks = 127.0.0.0/8
# The relay_domains parameter restricts what destinations this system will
# relay mail to. See the smtpd_relay_restrictions and
# smtpd_recipient_restrictions descriptions in postconf(5) for detailed
# information.
#
# By default, Postfix relays mail
# - from "trusted" clients (IP address matches $mynetworks, or is
# SASL authenticated) to any destination,
# - from "untrusted" clients to destinations that match $relay_domains or
# subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is empty.
#
# In addition to the above, the Postfix SMTP server by default accepts mail
# that Postfix is final destination for:
# - destinations that match $inet_interfaces or $proxy_interfaces,
# - destinations that match $mydestination
# - destinations that match $virtual_alias_domains,
# - destinations that match $virtual_mailbox_domains.
# These destinations do not need to be listed in $relay_domains.
#
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace. Continue
# long lines by starting the next line with whitespace. A file name
# is replaced by its contents; a type:name table is matched when a
# (parent) domain appears as lookup key.
#
# NOTE: Postfix will not automatically forward mail for domains that
# list this system as their primary or backup MX host. See the
# permit_mx_backup restriction description in postconf(5).
#
#relay_domains =
# INTERNET OR INTRANET
# The relayhost parameter specifies the default host to send mail to
# when no entry is matched in the optional transport(5) table. When
# no relayhost is given, mail is routed directly to the destination.
#
# On an intranet, specify the organizational domain name. If your
# internal DNS uses no MX records, specify the name of the intranet
# gateway host instead.
#
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
# [address] or [address]:port; the form [host] turns off MX lookups.
#
# If you're connected via UUCP, see also the default_transport parameter.
#
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
# REJECTING UNKNOWN RELAY USERS
#
# The relay_recipient_maps parameter specifies optional lookup tables
# with all addresses in the domains that match $relay_domains.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown relay users. This feature is off by default.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify an @domain.tld wild-card, or specify
# a user@domain.tld address.
#
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
# INPUT RATE CONTROL
#
# The in_flow_delay configuration parameter implements mail input
# flow control. This feature is turned on by default, although it
# still needs further development (it's disabled on SCO UNIX due
# to an SCO bug).
#
# A Postfix process will pause for $in_flow_delay seconds before
# accepting a new message, when the message arrival rate exceeds the
# message delivery rate. With the default 100 SMTP server process
# limit, this limits the mail inflow to 100 messages a second more
# than the number of messages delivered per second.
#
# Specify 0 to disable the feature. Valid delays are 0..10.
#
#in_flow_delay = 1s
# ADDRESS REWRITING
#
# The ADDRESS_REWRITING_README document gives information about
# address masquerading or other forms of address rewriting including
# username->Firstname.Lastname mapping.
# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
#
# The VIRTUAL_README document gives information about the many forms
# of domain hosting that Postfix supports.
# "USER HAS MOVED" BOUNCE MESSAGES
#
# See the discussion in the ADDRESS_REWRITING_README document.
# TRANSPORT MAP
#
# See the discussion in the ADDRESS_REWRITING_README document.
# ALIAS DATABASE
#
# The alias_maps parameter specifies the list of alias databases used
# by the local delivery agent. The default list is system dependent.
#
# On systems with NIS, the default is to search the local alias
# database, then the NIS alias database. See aliases(5) for syntax
# details.
#
# If you change the alias database, run "postalias /etc/aliases" (or
# wherever your system stores the mail alias file), or simply run
# "newaliases" to build the necessary DBM or DB file.
#
# It will take a minute or so before changes become visible. Use
# "postfix reload" to eliminate the delay.
#
#alias_maps = dbm:/etc/aliases
#alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases
# The alias_database parameter specifies the alias database(s) that
# are built with "newaliases" or "sendmail -bi". This is a separate
# configuration parameter, because alias_maps (see above) may specify
# tables that are not necessarily all under control by Postfix.
#
#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
#alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
# ADDRESS EXTENSIONS (e.g., user+foo)
#
# The recipient_delimiter parameter specifies the separator between
# user names and address extensions (user+foo). See canonical(5),
# local(8), relocated(5) and virtual(5) for the effects this has on
# aliases, canonical, virtual, relocated and .forward file lookups.
# Basically, the software tries user+foo and .forward+foo before
# trying user and .forward.
#
#recipient_delimiter = +
# DELIVERY TO MAILBOX
#
# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
# "Maildir/" for qmail-style delivery (the / is required).
#
#home_mailbox = Mailbox
#home_mailbox = Maildir/
# The mail_spool_directory parameter specifies the directory where
# UNIX-style mailboxes are kept. The default setting depends on the
# system type.
#
#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail
# The mailbox_command parameter specifies the optional external
# command to use instead of mailbox delivery. The command is run as
# the recipient with proper HOME, SHELL and LOGNAME environment settings.
# Exception: delivery for root is done as $default_user.
#
# Other environment variables of interest: USER (recipient username),
# EXTENSION (address extension), DOMAIN (domain part of address),
# and LOCAL (the address localpart).
#
# Unlike other Postfix configuration parameters, the mailbox_command
# parameter is not subjected to $parameter substitutions. This is to
# make it easier to specify shell syntax (see example below).
#
# Avoid shell meta characters because they will force Postfix to run
# an expensive shell process. Procmail alone is expensive enough.
#
# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
#
#mailbox_command = /usr/bin/procmail
#mailbox_command = /usr/bin/procmail -a "$EXTENSION"
# The mailbox_transport specifies the optional transport in master.cf
# to use after processing aliases and .forward files. This parameter
# has precedence over the mailbox_command, fallback_transport and
# luser_relay parameters.
#
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd"
# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
#
# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
# subsequent line in master.cf.
#mailbox_transport = cyrus
# The fallback_transport specifies the optional transport in master.cf
# to use for recipients that are not found in the UNIX passwd database.
# This parameter has precedence over the luser_relay parameter.
#
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#fallback_transport = lmtp:unix:/file/name
#fallback_transport = cyrus
#fallback_transport =
# The luser_relay parameter specifies an optional destination address
# for unknown recipients. By default, mail for unknown@$mydestination,
# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
# as undeliverable.
#
# The following expansions are done on luser_relay: $user (recipient
# username), $shell (recipient shell), $home (recipient home directory),
# $recipient (full recipient address), $extension (recipient address
# extension), $domain (recipient domain), $local (entire recipient
# localpart), $recipient_delimiter. Specify ${name?value} or
# ${name:value} to expand value only when $name does (does not) exist.
#
# luser_relay works only for the default Postfix local delivery agent.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must specify "local_recipient_maps =" (i.e. empty) in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#luser_relay = $user@other.host
#luser_relay = $local@other.host
#luser_relay = admin+$local
# JUNK MAIL CONTROLS
#
# The controls listed here are only a very small subset. The file
# SMTPD_ACCESS_README provides an overview.
# The header_checks parameter specifies an optional table with patterns
# that each logical message header is matched against, including
# headers that span multiple physical lines.
#
# By default, these patterns also apply to MIME headers and to the
# headers of attached messages. With older Postfix versions, MIME and
# attached message headers were treated as body text.
#
# For details, see "man header_checks".
#
#header_checks = regexp:/etc/postfix/header_checks
# FAST ETRN SERVICE
#
# Postfix maintains per-destination logfiles with information about
# deferred mail, so that mail can be flushed quickly with the SMTP
# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
# See the ETRN_README document for a detailed description.
#
# The fast_flush_domains parameter controls what destinations are
# eligible for this service. By default, they are all domains that
# this server is willing to relay mail to.
#
#fast_flush_domains = $relay_domains
# SHOW SOFTWARE VERSION OR NOT
#
# The smtpd_banner parameter specifies the text that follows the 220
# code in the SMTP server's greeting banner. Some people like to see
# the mail version advertised. By default, Postfix shows no version.
#
# You MUST specify $myhostname at the start of the text. That is an
# RFC requirement. Postfix itself does not care.
#
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
# PARALLEL DELIVERY TO THE SAME DESTINATION
#
# How many parallel deliveries to the same user or domain? With local
# delivery, it does not make sense to do massively parallel delivery
# to the same user, because mailbox updates must happen sequentially,
# and expensive pipelines in .forward files can cause disasters when
# too many are run at the same time. With SMTP deliveries, 10
# simultaneous connections to the same domain could be sufficient to
# raise eyebrows.
#
# Each message delivery transport has its XXX_destination_concurrency_limit
# parameter. The default is $default_destination_concurrency_limit for
# most delivery transports. For the local delivery agent the default is 2.
#local_destination_concurrency_limit = 2
#default_destination_concurrency_limit = 20
# DEBUGGING CONTROL
#
# The debug_peer_level parameter specifies the increment in verbose
# logging level when an SMTP client or server host name or address
# matches a pattern in the debug_peer_list parameter.
#
#debug_peer_level = 2
# The debug_peer_list parameter specifies an optional list of domain
# or network patterns, /file/name patterns or type:name tables. When
# an SMTP client or server host name or address matches a pattern,
# increase the verbose logging level by the amount specified in the
# debug_peer_level parameter.
#
#debug_peer_list = 127.0.0.1
#debug_peer_list = some.domain
# The debugger_command specifies the external command that is executed
# when a Postfix daemon program is run with the -D option.
#
# Use "command .. & sleep 5" so that the debugger can attach before
# the process marches on. If you use an X-based debugger, be sure to
# set up your XAUTHORITY environment variable before starting Postfix.
#
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
# If you can't use X, use this to capture the call stack when a
# daemon crashes. The result is in a file in the configuration
# directory, and is named after the process name and the process ID.
#
# debugger_command =
# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
# >$config_directory/$process_name.$process_id.log & sleep 5
#
# Another possibility is to run gdb under a detached screen session.
# To attach to the screen session, su root and run "screen -r
# <id_string>" where <id_string> uniquely matches one of the detached
# sessions (from "screen -list").
#
# debugger_command =
# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
# -dmS $process_name gdb $daemon_directory/$process_name
# $process_id & sleep 1
# INSTALL-TIME CONFIGURATION INFORMATION
#
# The following parameters are used when installing a new Postfix version.
#
# sendmail_path: The full pathname of the Postfix sendmail command.
# This is the Sendmail-compatible mail posting interface.
#
sendmail_path =
# newaliases_path: The full pathname of the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases.
#
newaliases_path =
# mailq_path: The full pathname of the Postfix mailq command. This
# is the Sendmail-compatible mail queue listing command.
#
mailq_path =
# setgid_group: The group for mail submission and queue management
# commands. This must be a group name with a numerical group ID that
# is not shared with other accounts, not even with the Postfix account.
#
setgid_group =
# html_directory: The location of the Postfix HTML documentation.
#
html_directory =
# manpage_directory: The location of the Postfix on-line manual pages.
#
manpage_directory =
# sample_directory: The location of the Postfix sample configuration files.
# This parameter is obsolete as of Postfix 2.1.
#
sample_directory =
# readme_directory: The location of the Postfix README files.
#
readme_directory =
inet_protocols = ipv4

1
postfix/makedefs.out Symbolic link
View file

@ -0,0 +1 @@
/usr/share/postfix/makedefs.out

180
postfix/master.cf Normal file
View file

@ -0,0 +1,180 @@
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - y - - smtpd
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
#tlsproxy unix - - y - 0 tlsproxy
# Choose one: enable submission for loopback clients only, or for any client.
#127.0.0.1:submission inet n - y - - smtpd
smtps inet n - y - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
# -o smtpd_tls_cert_file=/etc/letsencrypt/live/mail.toetersnoet.nl/fullchain.pem
# -o smtpd_tls_key_file=/etc/letsencrypt/live/mail.toetersnoet.nl/privkey.pem
submission inet n - y - - smtpd
-o smtpd_tls_security_level=encrypt
# -o smtpd_tls_cert_file=/etc/letsencrypt/live/mail.toetersnoet.nl/cert.pem
# -o smtpd_tls_key_file=/etc/letsencrypt/live/mail.toetersnoet.nl/privkey.pem
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
-o smtpd_sasl_security_options=noanonymous
-o smtpd_sasl_local_domain=mysql:/etc/postfix/virtual-mailbox-domains.conf
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_sender_login_maps=mysql:/etc/postfix/virtual-mailbox-senders.conf
-o smtpd_sender_restrictions=reject_sender_login_mismatch,permit_sasl_authenticated
-o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
#submission inet n - y - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_sasl_type=dovecot
# -o smtpd_sasl_path=private/auth
# -o smtpd_sasl_security_options=noanonymous
# -o smtpd_sasl_local_domain=$myhostname
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_sender_login_maps=hash:/etc/postfix/virtual
# -o smtpd_sender_restrictions=reject_sender_login_mismatch
# -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_auth_only=yes
# -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
# here, and specify mua_<xxx>_restrictions in main.cf (where
# "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
# -o smtpd_client_restrictions=
# -o smtpd_helo_restrictions=
# -o smtpd_sender_restrictions=
# -o smtpd_relay_restrictions=
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
# Choose one: enable submissions for loopback clients only, or for any client.
#127.0.0.1:submissions inet n - y - - smtpd
#submissions inet n - y - - smtpd
# -o syslog_name=postfix/submissions
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
# here, and specify mua_<xxx>_restrictions in main.cf (where
# "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
# -o smtpd_client_restrictions=
# -o smtpd_helo_restrictions=
# -o smtpd_sender_restrictions=
# -o smtpd_relay_restrictions=
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - y - - qmqpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
-o syslog_name=postfix/$service_name
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
postlog unix-dgram n - n - 1 postlogd
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
#spf
policy-spf unix - n n - - spawn
user=nobody argv=/usr/bin/policyd-spf

137
postfix/master.cf.proto Normal file
View file

@ -0,0 +1,137 @@
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - y - - smtpd
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
#tlsproxy unix - - y - 0 tlsproxy
# Choose one: enable submission for loopback clients only, or for any client.
#127.0.0.1:submission inet n - y - - smtpd
#submission inet n - y - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_auth_only=yes
# -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
# here, and specify mua_<xxx>_restrictions in main.cf (where
# "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
# -o smtpd_client_restrictions=
# -o smtpd_helo_restrictions=
# -o smtpd_sender_restrictions=
# -o smtpd_relay_restrictions=
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
# Choose one: enable submissions for loopback clients only, or for any client.
#127.0.0.1:submissions inet n - y - - smtpd
#submissions inet n - y - - smtpd
# -o syslog_name=postfix/submissions
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
# here, and specify mua_<xxx>_restrictions in main.cf (where
# "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
# -o smtpd_client_restrictions=
# -o smtpd_helo_restrictions=
# -o smtpd_sender_restrictions=
# -o smtpd_relay_restrictions=
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - y - - qmqpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
-o syslog_name=postfix/$service_name
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
postlog unix-dgram n - n - 1 postlogd
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}

925
postfix/post-install Executable file
View file

@ -0,0 +1,925 @@
#!/bin/sh
# To view the formatted manual page of this file, type:
# POSTFIXSOURCE/mantools/srctoman - post-install | nroff -man
#++
# NAME
# post-install
# SUMMARY
# Postfix post-installation script
# SYNOPSIS
# postfix post-install [name=value] command ...
# DESCRIPTION
# The post-install script performs the finishing touch of a Postfix
# installation, after the executable programs and configuration
# files are installed. Usage is one of the following:
# .IP o
# While installing Postfix from source code on the local machine, the
# script is run by the postfix-install script to update selected file
# or directory permissions and to update Postfix configuration files.
# .IP o
# While installing Postfix from a pre-built package, the script is run
# by the package management procedure to set all file or directory
# permissions and to update Postfix configuration files.
# .IP o
# The script can be used to change installation parameter settings such
# as mail_owner or setgid_group after Postfix is already installed.
# .IP o
# The script can be used to upgrade configuration files and to upgrade
# file/directory permissions of a secondary Postfix instance.
# .IP o
# At Postfix start-up time, the script is run from "postfix check" to
# create missing queue directories.
# .PP
# The post-install script is controlled by installation parameters.
# Specific parameters are described at the end of this document.
# All installation parameters must be specified ahead of time via
# one of the methods described below.
#
# Arguments
# .IP create-missing
# Create missing queue directories with ownerships and permissions
# according to the contents of $meta_directory/postfix-files
# and optionally in $meta_directory/postfix-files.d/*, using
# the mail_owner and setgid_group parameter settings from the
# command line, process environment or from the installed
# main.cf file.
#
# This is required at Postfix start-up time.
# .IP set-permissions
# Set all file/directory ownerships and permissions according to the
# contents of $meta_directory/postfix-files and optionally
# in $meta_directory/postfix-files.d/*, using the mail_owner
# and setgid_group parameter settings from the command line,
# process environment or from the installed main.cf file.
# Implies create-missing.
#
# This is required when installing Postfix from a pre-built package,
# or when changing the mail_owner or setgid_group installation parameter
# settings after Postfix is already installed.
# .IP upgrade-permissions
# Update ownership and permission of existing files/directories as
# specified in $meta_directory/postfix-files and optionally
# in $meta_directory/postfix-files.d/*, using the mail_owner
# and setgid_group parameter settings from the command line,
# process environment or from the installed main.cf file.
# Implies create-missing.
#
# This is required when upgrading an existing Postfix instance.
# .IP upgrade-configuration
# Edit the installed main.cf and master.cf files, in order to account
# for missing services and to fix deprecated parameter settings.
#
# This is required when upgrading an existing Postfix instance.
# .IP upgrade-source
# Short-hand for: upgrade-permissions upgrade-configuration.
#
# This is recommended when upgrading Postfix from source code.
# .IP upgrade-package
# Short-hand for: set-permissions upgrade-configuration.
#
# This is recommended when upgrading Postfix from a pre-built package.
# .IP first-install-reminder
# Remind the user that they still need to configure main.cf and the
# aliases file, and that newaliases still needs to be run.
#
# This is recommended when Postfix is installed for the first time.
# MULTIPLE POSTFIX INSTANCES
# .ad
# .fi
# Multiple Postfix instances on the same machine can share command and
# daemon program files but must have separate configuration and queue
# directories.
#
# To create a secondary Postfix installation on the same machine,
# copy the configuration files from the primary Postfix instance to
# a secondary configuration directory and execute:
#
# postfix post-install config_directory=secondary-config-directory \e
# .in +4
# queue_directory=secondary-queue-directory \e
# .br
# create-missing
# .PP
# This creates secondary Postfix queue directories, sets their access
# permissions, and saves the specified installation parameters to the
# secondary main.cf file.
#
# Be sure to list the secondary configuration directory in the
# alternate_config_directories parameter in the primary main.cf file.
#
# To upgrade a secondary Postfix installation on the same machine,
# execute:
#
# postfix post-install config_directory=secondary-config-directory \e
# .in +4
# upgrade-permissions upgrade-configuration
# INSTALLATION PARAMETER INPUT METHODS
# .ad
# .fi
# Parameter settings can be specified through a variety of
# mechanisms. In order of decreasing precedence these are:
# .IP "command line"
# Parameter settings can be given as name=value arguments on
# the post-install command line. These have the highest precedence.
# Settings that override the installed main.cf file are saved.
# .IP "process environment"
# Parameter settings can be given as name=value environment
# variables.
# Settings that override the installed main.cf file are saved.
# .IP "installed configuration files"
# If a parameter is not specified via the command line or via the
# process environment, post-install will attempt to extract its
# value from the already installed Postfix main.cf configuration file.
# These settings have the lowest precedence.
# INSTALLATION PARAMETER DESCRIPTION
# .ad
# .fi
# The description of installation parameters is as follows:
# .IP config_directory
# The directory for Postfix configuration files.
# .IP daemon_directory
# The directory for Postfix daemon programs. This directory
# should not be in the command search path of any users.
# .IP command_directory
# The directory for Postfix administrative commands. This
# directory should be in the command search path of administrative users.
# .IP queue_directory
# The directory for Postfix queues.
# .IP data_directory
# The directory for Postfix writable data files (caches, etc.).
# .IP sendmail_path
# The full pathname for the Postfix sendmail command.
# This is the Sendmail-compatible mail posting interface.
# .IP newaliases_path
# The full pathname for the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases
# for the Postfix local delivery agent.
# .IP mailq_path
# The full pathname for the Postfix mailq command.
# This is the Sendmail-compatible command to list the mail queue.
# .IP mail_owner
# The owner of the Postfix queue. Its numerical user ID and group ID
# must not be used by any other accounts on the system.
# .IP setgid_group
# The group for mail submission and for queue management commands.
# Its numerical group ID must not be used by any other accounts on the
# system, not even by the mail_owner account.
# .IP html_directory
# The directory for the Postfix HTML files.
# .IP manpage_directory
# The directory for the Postfix on-line manual pages.
# .IP sample_directory
# The directory for the Postfix sample configuration files.
# This feature is obsolete as of Postfix 2.1.
# .IP readme_directory
# The directory for the Postfix README files.
# .IP shlib_directory
# The directory for the Postfix shared-library files, and for
# the Postfix dabatase plugin files with a relative pathname
# in the file dynamicmaps.cf.
# .IP meta_directory
# The directory for non-executable files that are shared
# among multiple Postfix instances, such as postfix-files,
# dynamicmaps.cf, as well as the multi-instance template files
# main.cf.proto and master.cf.proto.
# SEE ALSO
# postfix-install(1) Postfix primary installation script.
# FILES
# $config_directory/main.cf, Postfix installation parameters.
# $meta_directory/postfix-files, installation control file.
# $meta_directory/postfix-files.d/*, optional control files.
# $config_directory/install.cf, obsolete configuration file.
# LICENSE
# .ad
# .fi
# The Secure Mailer license must be distributed with this software.
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# Wietse Venema
# Google, Inc.
# 111 8th Avenue
# New York, NY 10011, USA
#--
umask 022
PATH=/bin:/usr/bin:/usr/sbin:/usr/etc:/sbin:/etc:/usr/contrib/bin:/usr/gnu/bin:/usr/ucb:/usr/bsd
SHELL=/bin/sh
IFS="
"
BACKUP_IFS="$IFS"
debug=:
#debug=echo
MOST_PARAMETERS="command_directory daemon_directory data_directory
html_directory mail_owner mailq_path manpage_directory
newaliases_path queue_directory readme_directory sample_directory
sendmail_path setgid_group shlib_directory meta_directory"
NON_SHARED="config_directory queue_directory data_directory"
USAGE="Usage: $0 [name=value] command
create-missing Create missing queue directories.
upgrade-source When installing or upgrading from source code.
upgrade-package When installing or upgrading from pre-built package.
first-install-reminder Remind of mandatory first-time configuration steps.
name=value Specify an installation parameter".
# Process command-line options and parameter settings. Work around
# brain damaged shells. "IFS=value command" should not make the
# IFS=value setting permanent. But some broken standard allows it.
create=; set_perms=; upgrade_perms=; upgrade_conf=; first_install_reminder=
obsolete=; keep_list=;
for arg
do
case $arg in
*[" "]*) echo $0: "Error: argument contains whitespace: '$arg'"
exit 1;;
*=*) IFS= eval $arg; IFS="$BACKUP_IFS";;
create-missing) create=1;;
set-perm*) create=1; set_perms=1;;
upgrade-perm*) create=1; upgrade_perms=1;;
upgrade-conf*) upgrade_conf=1;;
upgrade-source) create=1; upgrade_conf=1; upgrade_perms=1;;
upgrade-package) create=1; upgrade_conf=1; set_perms=1;;
first-install*) first_install_reminder=1;;
*) echo "$0: Error: $USAGE" 1>&2; exit 1;;
esac
shift
done
# Sanity checks.
test -n "$create$upgrade_conf$first_install_reminder" || {
echo "$0: Error: $USAGE" 1>&2
exit 1
}
# Bootstrapping problem.
if [ -n "$command_directory" ]
then
POSTCONF="$command_directory/postconf"
else
POSTCONF="postconf"
fi
$POSTCONF -d mail_version >/dev/null 2>/dev/null || {
echo $0: Error: no $POSTCONF command found. 1>&2
echo Re-run this command as $0 command_directory=/some/where. 1>&2
exit 1
}
# Also used to require license etc. files only in the default instance.
def_config_directory=`$POSTCONF -d -h config_directory` || exit 1
test -n "$config_directory" ||
config_directory="$def_config_directory"
test -d "$config_directory" || {
echo $0: Error: $config_directory is not a directory. 1>&2
exit 1
}
# If this is a secondary instance, don't touch shared files.
# XXX Solaris does not have "test -e".
instances=`test ! -f $def_config_directory/main.cf ||
$POSTCONF -c $def_config_directory -h multi_instance_directories |
sed 's/,/ /'` || exit 1
update_shared_files=1
for name in $instances
do
case "$name" in
"$def_config_directory") ;;
"$config_directory") update_shared_files=; break;;
esac
done
test -f $meta_directory/postfix-files || {
echo $0: Error: $meta_directory/postfix-files is not a file. 1>&2
exit 1
}
# SunOS5 fmt(1) truncates lines > 1000 characters.
fake_fmt() {
sed '
:top
/^\( *\)\([^ ][^ ]*\) */{
s//\1\2\
\1/
P
D
b top
}
' | fmt
}
case `uname -s` in
HP-UX*) FMT=cat;;
SunOS*) FMT=fake_fmt;;
*) FMT=fmt;;
esac
# If a parameter is not set via the command line or environment,
# try to use settings from installed configuration files.
# Extract parameter settings from the obsolete install.cf file, as
# a transitional aid.
grep setgid_group $config_directory/main.cf >/dev/null 2>&1 || {
test -f $config_directory/install.cf && {
for name in sendmail_path newaliases_path mailq_path setgid manpages
do
eval junk=\$$name
case "$junk" in
"") eval unset $name;;
esac
eval : \${$name="\`. $config_directory/install.cf; echo \$$name\`"} \
|| exit 1
done
: ${setgid_group=$setgid}
: ${manpage_directory=$manpages}
}
}
# Extract parameter settings from the installed main.cf file.
test -f $config_directory/main.cf && {
for name in $MOST_PARAMETERS
do
eval junk=\$$name
case "$junk" in
"") eval unset $name;;
esac
eval : \${$name=\`$POSTCONF -c $config_directory -h $name\`} || exit 1
done
}
# Sanity checks
case $manpage_directory in
no) echo $0: Error: manpage_directory no longer accepts \"no\" values. 1>&2
echo Try again with \"$0 manpage_directory=/pathname ...\". 1>&2; exit 1;;
esac
case $setgid_group in
no) echo $0: Error: setgid_group no longer accepts \"no\" values. 1>&2
echo Try again with \"$0 setgid_group=groupname ...\" 1>&2; exit 1;;
esac
for path in "$daemon_directory" "$command_directory" "$queue_directory" \
"$sendmail_path" "$newaliases_path" "$mailq_path" "$manpage_directory" \
"$meta_directory"
do
case "$path" in
/*) ;;
*) echo $0: Error: \"$path\" should be an absolute path name. 1>&2; exit 1;;
esac
done
for path in "$html_directory" "$readme_directory" "$shlib_directory"
do
case "$path" in
/*) ;;
no) ;;
*) echo $0: Error: \"$path\" should be \"no\" or an absolute path name. 1>&2; exit 1;;
esac
done
# Find out what parameters were not specified via command line,
# via environment, or via installed configuration files.
missing=
for name in $MOST_PARAMETERS
do
eval test -n \"\$$name\" || missing="$missing $name"
done
# All parameters must be specified at this point.
test -n "$non_interactive" -a -n "$missing" && {
cat <<EOF | ${FMT} 1>&2
$0: Error: some required installation parameters are not defined.
- Either the parameters need to be given in the $config_directory/main.cf
file from a recent Postfix installation,
- Or the parameters need to be specified through the process
environment.
- Or the parameters need to be specified as name=value arguments
on the $0 command line,
The following parameters were missing:
$missing
EOF
exit 1
}
POSTCONF="$command_directory/postconf"
# Save settings, allowing command line/environment override.
# Undo MAIL_VERSION expansion at the end of a parameter value. If
# someone really wants the expanded mail version in main.cf, then
# we're sorry.
# Confine side effects from mail_version unexpansion within a subshell.
(case "$mail_version" in
"") mail_version="`$POSTCONF -dhx mail_version`" || exit 1
esac
for name in $MOST_PARAMETERS
do
eval junk=\$$name
case "$junk" in
*"$mail_version"*)
case "$pattern" in
"") pattern=`echo "$mail_version" | sed 's/\./\\\\./g'` || exit 1
esac
val=`echo "$junk" | sed "s/$pattern"'$/${mail_version}/g'` || exit 1
eval ${name}='"$val"'
esac
done
# XXX Maybe update main.cf only with first install, upgrade, set
# permissions, and what else? Should there be a warning otherwise?
override=
for name in $MOST_PARAMETERS
do
eval junk=\"\$$name\"
test "$junk" = "`$POSTCONF -c $config_directory -h $name`" || {
override=1
break
}
done
test -n "$override" && {
$POSTCONF -c $config_directory -e \
"daemon_directory = $daemon_directory" \
"command_directory = $command_directory" \
"queue_directory = $queue_directory" \
"data_directory = $data_directory" \
"mail_owner = $mail_owner" \
"setgid_group = $setgid_group" \
"sendmail_path = $sendmail_path" \
"mailq_path = $mailq_path" \
"newaliases_path = $newaliases_path" \
"html_directory = $html_directory" \
"manpage_directory = $manpage_directory" \
"sample_directory = $sample_directory" \
"readme_directory = $readme_directory" \
"shlib_directory = $shlib_directory" \
"meta_directory = $meta_directory" \
|| exit 1
} || exit 0) || exit 1
# Use file/directory status information in $meta_directory/postfix-files.
test -n "$create" && {
postfix_files_d=$meta_directory/postfix-files.d
for postfix_file in $meta_directory/postfix-files \
`test -d $postfix_files_d && { find $postfix_files_d -type f | sort; }`
do
exec <$postfix_file || exit 1
while IFS=: read path type owner group mode flags junk
do
IFS="$BACKUP_IFS"
set_permission=
# Skip comments. Skip shared files, if updating a secondary instance.
case $path in
[$]*) case "$update_shared_files" in
1) $debug keep non-shared or shared $path;;
*) non_shared=
for name in $NON_SHARED
do
case $path in
"\$$name"*) non_shared=1; break;;
esac
done
case "$non_shared" in
1) $debug keep non-shared $path;;
*) $debug skip shared $path; continue;;
esac;;
esac;;
*) continue;;
esac
# Skip hard links and symbolic links.
case $type in
[hl]) continue;;
[df]) ;;
*) echo unknown type $type for $path in $postfix_file 1>&2; exit 1;;
esac
# Expand $name, and canonicalize null fields.
for name in path owner group flags
do
eval junk=\${$name}
case $junk in
[$]*) eval $name=$junk;;
-) eval $name=;;
*) ;;
esac
done
# Skip uninstalled files.
case $path in
no|no/*) continue;;
esac
# Pick up the flags.
case $flags in *u*) upgrade_flag=1;; *) upgrade_flag=;; esac
case $flags in *c*) create_flag=1;; *) create_flag=;; esac
case $flags in *r*) recursive="-R";; *) recursive=;; esac
case $flags in *o*) obsolete_flag=1;; *) obsolete_flag=;; esac
case $flags in *[1i]*) test ! -r "$path" -a "$config_directory" != \
"$def_config_directory" && continue;; esac
# Flag obsolete objects. XXX Solaris 2..9 does not have "test -e".
if [ -n "$obsolete_flag" ]
then
test -r $path -a "$type" != "d" && obsolete="$obsolete $path"
continue;
else
keep_list="$keep_list $path"
fi
# Create missing directories with proper owner/group/mode settings.
if [ -n "$create" -a "$type" = "d" -a -n "$create_flag" -a ! -d "$path" ]
then
mkdir $path || exit 1
set_permission=1
# Update all owner/group/mode settings.
elif [ -n "$set_perms" ]
then
set_permission=1
# Update obsolete owner/group/mode settings.
elif [ -n "$upgrade_perms" -a -n "$upgrade_flag" ]
then
set_permission=1
fi
test -n "$set_permission" && {
chown $recursive $owner $path || exit 1
test -z "$group" || chgrp $recursive $group $path || exit 1
# Don't "chmod -R"; queue file status is encoded in mode bits.
if [ "$type" = "d" -a -n "$recursive" ]
then
find $path -type d -exec chmod $mode "{}" ";"
else
chmod $mode $path
fi || exit 1
}
done
IFS="$BACKUP_IFS"
done
}
# Upgrade existing Postfix configuration files if necessary.
test -n "$upgrade_conf" && {
# Postfix 2.0.
# Add missing relay service to master.cf.
grep '^relay' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for relay service
cat >>$config_directory/master.cf <<EOF || exit 1
relay unix - - n - - smtp
EOF
}
# Postfix 1.1.
# Add missing flush service to master.cf.
grep '^flush.*flush' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for flush service
cat >>$config_directory/master.cf <<EOF || exit 1
flush unix - - n 1000? 0 flush
EOF
}
# Postfix 2.1.
# Add missing trace service to master.cf.
grep 'trace.*bounce' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for trace service
cat >>$config_directory/master.cf <<EOF || exit 1
trace unix - - n - 0 bounce
EOF
}
# Postfix 2.1.
# Add missing verify service to master.cf.
grep '^verify.*verify' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for verify service
cat >>$config_directory/master.cf <<EOF || exit 1
verify unix - - n - 1 verify
EOF
}
# Postfix 2.1.
# Fix verify service process limit.
grep '^verify.*[ ]0[ ]*verify' \
$config_directory/master.cf >/dev/null && {
echo Editing $config_directory/master.cf, setting verify process limit to 1
ed $config_directory/master.cf <<EOF || exit 1
/^verify.*[ ]0[ ]*verify/
s/\([ ]\)0\([ ]\)/\11\2/
p
w
q
EOF
}
# Postfix 1.1.
# Change privileged pickup service into unprivileged.
grep "^pickup[ ]*fifo[ ]*n[ ]*n" \
$config_directory/master.cf >/dev/null && {
echo Editing $config_directory/master.cf, making the pickup service unprivileged
ed $config_directory/master.cf <<EOF || exit 1
/^pickup[ ]*fifo[ ]*n[ ]*n/
s/\(n[ ]*\)n/\1-/
p
w
q
EOF
}
# Postfix 1.1.
# Change private cleanup and flush services into public.
for name in cleanup flush
do
grep "^$name[ ]*unix[ ]*[-y]" \
$config_directory/master.cf >/dev/null && {
echo Editing $config_directory/master.cf, making the $name service public
ed $config_directory/master.cf <<EOF || exit 1
/^$name[ ]*unix[ ]*[-y]/
s/[-y]/n/
p
w
q
EOF
}
done
# Postfix 2.2.
# File systems have improved since Postfix came out, and all we
# require now is that defer and deferred are hashed because those
# can contain lots of files.
found=`$POSTCONF -c $config_directory -h hash_queue_names`
missing=
(echo "$found" | grep defer >/dev/null) || missing="$missing defer"
(echo "$found" | grep deferred>/dev/null)|| missing="$missing deferred"
test -n "$missing" && {
echo fixing main.cf hash_queue_names for missing $missing
$POSTCONF -c $config_directory -e hash_queue_names="$found$missing" ||
exit 1
}
# Turn on safety nets for new features that could bounce mail that
# would be accepted by a previous Postfix version.
# [The "unknown_local_recipient_reject_code = 450" safety net,
# introduced with Postfix 2.0 and deleted after Postfix 2.3.]
# Postfix 2.0.
# Add missing proxymap service to master.cf.
grep '^proxymap.*proxymap' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for proxymap service
cat >>$config_directory/master.cf <<EOF || exit 1
proxymap unix - - n - - proxymap
EOF
}
# Postfix 2.1.
# Add missing anvil service to master.cf.
grep '^anvil.*anvil' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for anvil service
cat >>$config_directory/master.cf <<EOF || exit 1
anvil unix - - n - 1 anvil
EOF
}
# Postfix 2.2.
# Add missing scache service to master.cf.
grep '^scache.*scache' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for scache service
cat >>$config_directory/master.cf <<EOF || exit 1
scache unix - - n - 1 scache
EOF
}
# Postfix 2.2.
# Add missing discard service to master.cf.
grep '^discard.*discard' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for discard service
cat >>$config_directory/master.cf <<EOF || exit 1
discard unix - - n - - discard
EOF
}
# Postfix 2.2.
# Update the tlsmgr fifo->unix service.
grep "^tlsmgr[ ]*fifo[ ]" \
$config_directory/master.cf >/dev/null && {
echo Editing $config_directory/master.cf, updating the tlsmgr from fifo to unix service
ed $config_directory/master.cf <<EOF || exit 1
/^tlsmgr[ ]*fifo[ ]/
s/fifo/unix/
s/[0-9][0-9]*/&?/
p
w
q
EOF
}
# Postfix 2.2.
# Add missing tlsmgr service to master.cf.
grep '^tlsmgr.*tlsmgr' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for tlsmgr service
cat >>$config_directory/master.cf <<EOF || exit 1
tlsmgr unix - - n 1000? 1 tlsmgr
EOF
}
# Postfix 2.2.
# Add missing retry service to master.cf.
grep '^retry.*error' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for retry service
cat >>$config_directory/master.cf <<EOF || exit 1
retry unix - - n - - error
EOF
}
# Postfix 2.5.
# Add missing proxywrite service to master.cf.
grep '^proxywrite.*proxymap' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for proxywrite service
cat >>$config_directory/master.cf <<EOF || exit 1
proxywrite unix - - n - 1 proxymap
EOF
}
# Postfix 2.5.
# Fix a typo in the default master.cf proxywrite entry.
grep '^proxywrite.*-[ ]*proxymap' $config_directory/master.cf >/dev/null && {
echo Editing $config_directory/master.cf, setting proxywrite process limit to 1
ed $config_directory/master.cf <<EOF || exit 1
/^proxywrite.*-[ ]*proxymap/
s/-\([ ]*proxymap\)/1\1/
p
w
q
EOF
}
# Postfix 2.8.
# Add missing postscreen service to master.cf.
grep '^#*smtp.*postscreen' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for postscreen TCP service
cat >>$config_directory/master.cf <<EOF || exit 1
#smtp inet n - n - 1 postscreen
EOF
}
# Postfix 2.8.
# Add missing smtpd (unix-domain) service to master.cf.
grep '^#*smtpd.*smtpd' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for smtpd unix-domain service
cat >>$config_directory/master.cf <<EOF || exit 1
#smtpd pass - - n - - smtpd
EOF
}
# Postfix 2.8.
# Add temporary dnsblog (unix-domain) service to master.cf.
grep '^#*dnsblog.*dnsblog' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for dnsblog unix-domain service
cat >>$config_directory/master.cf <<EOF || exit 1
#dnsblog unix - - n - 0 dnsblog
EOF
}
# Postfix 2.8.
# Add tlsproxy (unix-domain) service to master.cf.
grep '^#*tlsproxy.*tlsproxy' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for tlsproxy unix-domain service
cat >>$config_directory/master.cf <<EOF || exit 1
#tlsproxy unix - - n - 0 tlsproxy
EOF
}
# Report (but do not remove) obsolete files.
test -n "$obsolete" && {
cat <<EOF | ${FMT}
Note: the following files or directories still exist but are
no longer part of Postfix:
$obsolete
EOF
}
# Postfix 2.9.
# Safety net for incompatible changes in IPv6 defaults.
# PLEASE DO NOT REMOVE THIS CODE. ITS PURPOSE IS TO AVOID AN
# UNEXPECTED DROP IN PERFORMANCE AFTER UPGRADING FROM POSTFIX
# BEFORE 2.9.
# This code assumes that the default is "inet_protocols = ipv4"
# when IPv6 support is not compiled in. See util/sys_defs.h.
test "`$POSTCONF -dh inet_protocols`" = "ipv4" ||
test -n "`$POSTCONF -c $config_directory -n inet_protocols`" || {
cat <<EOF | ${FMT}
COMPATIBILITY: editing $config_directory/main.cf, setting
inet_protocols=ipv4. Specify inet_protocols explicitly if you
want to enable IPv6.
In a future release IPv6 will be enabled by default.
EOF
$POSTCONF -c $config_directory inet_protocols=ipv4 || exit 1
}
# Disabled because unhelpful down-stream maintainers disable the safety net.
# # Postfix 2.10.
# # Safety net for incompatible changes due to the introduction
# # of the smtpd_relay_restrictions feature to separate the
# # mail relay policy from the spam blocking policy.
# # PLEASE DO NOT REMOVE THIS CODE. ITS PURPOSE IS TO PREVENT
# # INBOUND MAIL FROM UNEXPECTEDLY BOUNCING AFTER UPGRADING FROM
# # POSTFIX BEFORE 2.10.
# test -n "`$POSTCONF -c $config_directory -n smtpd_relay_restrictions`" || {
# cat <<EOF | ${FMT}
# COMPATIBILITY: editing $config_directory/main.cf, overriding
# smtpd_relay_restrictions to prevent inbound mail from
# unexpectedly bouncing.
# Specify an empty smtpd_relay_restrictions value to keep using
# smtpd_recipient_restrictions as before.
#EOF
# $POSTCONF -c $config_directory "smtpd_relay_restrictions = \
# permit_mynetworks permit_sasl_authenticated \
# defer_unauth_destination" || exit 1
# }
# Postfix 3.4
# Add a postlog service entry.
grep '^postlog' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for postlog unix-domain datagram service
cat >>$config_directory/master.cf <<EOF || exit 1
postlog unix-dgram n - n - 1 postlogd
EOF
}
}
# A reminder if this is the first time Postfix is being installed.
test -n "$first_install_reminder" && {
ALIASES=`$POSTCONF -c $config_directory -h alias_database | sed 's/^[^:]*://'`
NEWALIASES_PATH=`$POSTCONF -c $config_directory -h newaliases_path`
cat <<EOF | ${FMT}
Warning: you still need to edit myorigin/mydestination/mynetworks
parameter settings in $config_directory/main.cf.
See also http://www.postfix.org/STANDARD_CONFIGURATION_README.html
for information about dialup sites or about sites inside a
firewalled network.
BTW: Check your $ALIASES file and be sure to set up aliases
that send mail for root and postmaster to a real person, then
run $NEWALIASES_PATH.
EOF
}
exit 0

223
postfix/postfix-files Normal file
View file

@ -0,0 +1,223 @@
#
# Do not edit this file.
#
# This file controls the postfix-install script for installation of
# Postfix programs, configuration files and documentation, as well
# as the post-install script for setting permissions and for updating
# Postfix configuration files. See the respective manual pages within
# the script files.
#
# Do not list $command_directory or $shlib_directory in this file,
# or it will be blown away by a future Postfix uninstallation
# procedure. You would not want to lose all files in /usr/sbin or
# /usr/local/lib.
#
# Each record in this file describes one file or directory.
# Fields are separated by ":". Specify a null field as "-".
# Missing fields or separators at the end are OK.
#
# File format:
# name:type:owner:group:permission:flags
# No group means don't change group ownership.
#
# File types:
# d=directory
# f=regular file
# h=hard link (*)
# l=symbolic link (*)
#
# (*) With hard links and symbolic links, the owner field becomes the
# source pathname, while the group and permissions are ignored.
#
# File flags:
# No flag means the flag is not active.
# p=preserve existing file, do not replace (postfix-install).
# u=update owner/group/mode (post-install upgrade-permissions).
# c=create missing directory (post-install create-missing).
# r=apply owner/group recursively (post-install set/upgrade-permissions).
# o=obsolete, no longer part of Postfix
# 1=optional for non-default instance (config_dir != built-in default).
#
# Note: the "u" flag is for upgrading the permissions of existing files
# or directories after changes in Postfix architecture. For robustness
# it is a good idea to "u" all the files that have special ownership or
# permissions, so that running "make install" fixes any glitches.
#
# Note: order matters. Update shared libraries and database plugins
# before daemon/command-line programs.
$config_directory:d:root:-:755:u
$data_directory:d:$mail_owner:-:700:uc
$daemon_directory:d:root:-:755:u
$queue_directory:d:root:-:755:uc
$queue_directory/active:d:$mail_owner:-:700:ucr
$queue_directory/bounce:d:$mail_owner:-:700:ucr
$queue_directory/corrupt:d:$mail_owner:-:700:ucr
$queue_directory/defer:d:$mail_owner:-:700:ucr
$queue_directory/deferred:d:$mail_owner:-:700:ucr
$queue_directory/flush:d:$mail_owner:-:700:ucr
$queue_directory/hold:d:$mail_owner:-:700:ucr
$queue_directory/incoming:d:$mail_owner:-:700:ucr
$queue_directory/private:d:$mail_owner:-:700:uc
$queue_directory/maildrop:d:$mail_owner:$setgid_group:730:uc
$queue_directory/public:d:$mail_owner:$setgid_group:710:uc
$queue_directory/pid:d:root:-:755:uc
$queue_directory/saved:d:$mail_owner:-:700:ucr
$queue_directory/trace:d:$mail_owner:-:700:ucr
# Update shared libraries and plugins before daemon or command-line programs.
$shlib_directory/libpostfix-util.so:f:root:-:755
$shlib_directory/libpostfix-global.so:f:root:-:755
$shlib_directory/libpostfix-dns.so:f:root:-:755
$shlib_directory/libpostfix-tls.so:f:root:-:755
$shlib_directory/libpostfix-master.so:f:root:-:755
$meta_directory/dynamicmaps.cf.d:d:root:-:755
$meta_directory/dynamicmaps.cf:f:root:-:644
$meta_directory/main.cf.proto:f:root:-:644
$meta_directory/makedefs.out:f:root:-:644
$meta_directory/master.cf.proto:f:root:-:644
$meta_directory/postfix-files.d:d:root:-:755
$meta_directory/postfix-files:f:root:-:644
$daemon_directory/anvil:f:root:-:755
$daemon_directory/bounce:f:root:-:755
$daemon_directory/cleanup:f:root:-:755
$daemon_directory/discard:f:root:-:755
$daemon_directory/dnsblog:f:root:-:755
$daemon_directory/error:f:root:-:755
$daemon_directory/flush:f:root:-:755
$daemon_directory/local:f:root:-:755
$daemon_directory/main.cf:f:root:-:644:o
$daemon_directory/master.cf:f:root:-:644:o
$daemon_directory/master:f:root:-:755
$daemon_directory/oqmgr:f:root:-:755
$daemon_directory/pickup:f:root:-:755
$daemon_directory/pipe:f:root:-:755
$daemon_directory/post-install:f:root:-:755
# In case meta_directory == daemon_directory.
#$daemon_directory/postfix-files:f:root:-:644:o
#$daemon_directory/postfix-files.d:d:root:-:755:o
$daemon_directory/postfix-script:f:root:-:755
$daemon_directory/postfix-tls-script:f:root:-:755
$daemon_directory/postfix-wrapper:f:root:-:755
$daemon_directory/postmulti-script:f:root:-:755
$daemon_directory/postlogd:f:root:-:755
$daemon_directory/postscreen:f:root:-:755
$daemon_directory/proxymap:f:root:-:755
$daemon_directory/qmgr:f:root:-:755
$daemon_directory/qmqpd:f:root:-:755
$daemon_directory/scache:f:root:-:755
$daemon_directory/showq:f:root:-:755
$daemon_directory/smtp:f:root:-:755
$daemon_directory/smtpd:f:root:-:755
$daemon_directory/spawn:f:root:-:755
$daemon_directory/tlsproxy:f:root:-:755
$daemon_directory/tlsmgr:f:root:-:755
$daemon_directory/trivial-rewrite:f:root:-:755
$daemon_directory/verify:f:root:-:755
$daemon_directory/virtual:f:root:-:755
$daemon_directory/nqmgr:h:$daemon_directory/qmgr
$daemon_directory/lmtp:h:$daemon_directory/smtp
$command_directory/postalias:f:root:-:755
$command_directory/postcat:f:root:-:755
$command_directory/postconf:f:root:-:755
$command_directory/postfix:f:root:-:755
$command_directory/postkick:f:root:-:755
$command_directory/postlock:f:root:-:755
$command_directory/postlog:f:root:$setgid_group:2755:u
$command_directory/postmap:f:root:-:755
$command_directory/postmulti:f:root:-:755
$command_directory/postsuper:f:root:-:755
$command_directory/postdrop:f:root:$setgid_group:2755:u
$command_directory/postqueue:f:root:$setgid_group:2755:u
$sendmail_path:f:root:-:755
$newaliases_path:l:$sendmail_path
$mailq_path:l:$sendmail_path
# Empty files not shipped in Debian
#$config_directory/access:f:root:-:644:p1
#$config_directory/aliases:f:root:-:644:p1
#$config_directory/bounce.cf.default:f:root:-:644:1
#$config_directory/canonical:f:root:-:644:p1
#$config_directory/cidr_table:f:root:-:644:o
#$config_directory/generic:f:root:-:644:p1
#$config_directory/generics:f:root:-:644:o
#$config_directory/header_checks:f:root:-:644:p1
#$config_directory/install.cf:f:root:-:644:o
#$config_directory/main.cf.default:f:root:-:644:1
$config_directory/main.cf:f:root:-:644:p
$config_directory/master.cf:f:root:-:644:p
#$config_directory/regexp_table:f:root:-:644:o
#$config_directory/relocated:f:root:-:644:p1
#$config_directory/tcp_table:f:root:-:644:o
#$config_directory/transport:f:root:-:644:p1
#$config_directory/virtual:f:root:-:644:p1
$config_directory/postfix-script:f:root:-:755:o
#$config_directory/postfix-script-sgid:f:root:-:755:o
#$config_directory/postfix-script-nosgid:f:root:-:755:o
$config_directory/post-install:f:root:-:755:o
$manpage_directory/man1/mailq.1.gz:f:root:-:644
$manpage_directory/man1/newaliases.1.gz:f:root:-:644
$manpage_directory/man1/postalias.1.gz:f:root:-:644
$manpage_directory/man1/postcat.1.gz:f:root:-:644
$manpage_directory/man1/postconf.1.gz:f:root:-:644
$manpage_directory/man1/postdrop.1.gz:f:root:-:644
$manpage_directory/man1/postfix-tls.1.gz:f:root:-:644
$manpage_directory/man1/postfix.1.gz:f:root:-:644
$manpage_directory/man1/postkick.1.gz:f:root:-:644
$manpage_directory/man1/postlock.1.gz:f:root:-:644
$manpage_directory/man1/postlog.1.gz:f:root:-:644
$manpage_directory/man1/postmap.1.gz:f:root:-:644
$manpage_directory/man1/postmulti.1.gz:f:root:-:644
$manpage_directory/man1/postqueue.1.gz:f:root:-:644
$manpage_directory/man1/postsuper.1.gz:f:root:-:644
$manpage_directory/man1/sendmail.1.gz:f:root:-:644
$manpage_directory/man5/access.5.gz:f:root:-:644
$manpage_directory/man5/aliases.5.gz:f:root:-:644
$manpage_directory/man5/body_checks.5.gz:f:root:-:644
$manpage_directory/man5/bounce.5.gz:f:root:-:644
$manpage_directory/man5/canonical.5.gz:f:root:-:644
$manpage_directory/man5/cidr_table.5.gz:f:root:-:644
$manpage_directory/man5/generics.5.gz:f:root:-:644:o
$manpage_directory/man5/generic.5.gz:f:root:-:644
$manpage_directory/man5/header_checks.5.gz:f:root:-:644
$manpage_directory/man5/master.5.gz:f:root:-:644
$manpage_directory/man5/memcache_table.5.gz:f:root:-:644
$manpage_directory/man5/socketmap_table.5.gz:f:root:-:644
$manpage_directory/man5/nisplus_table.5.gz:f:root:-:644
$manpage_directory/man5/postconf.5.gz:f:root:-:644
$manpage_directory/man5/postfix-wrapper.5.gz:f:root:-:644
$manpage_directory/man5/regexp_table.5.gz:f:root:-:644
$manpage_directory/man5/relocated.5.gz:f:root:-:644
$manpage_directory/man5/tcp_table.5.gz:f:root:-:644
$manpage_directory/man5/transport.5.gz:f:root:-:644
$manpage_directory/man5/virtual.5.gz:f:root:-:644
$manpage_directory/man8/bounce.8postfix.gz:f:root:-:644
$manpage_directory/man8/cleanup.8postfix.gz:f:root:-:644
$manpage_directory/man8/anvil.8postfix.gz:f:root:-:644
$manpage_directory/man8/defer.8postfix.gz:f:root:-:644
$manpage_directory/man8/discard.8postfix.gz:f:root:-:644
$manpage_directory/man8/dnsblog.8postfix.gz:f:root:-:644
$manpage_directory/man8/error.8postfix.gz:f:root:-:644
$manpage_directory/man8/flush.8postfix.gz:f:root:-:644
$manpage_directory/man8/lmtp.8postfix.gz:f:root:-:644
$manpage_directory/man8/local.8postfix.gz:f:root:-:644
$manpage_directory/man8/master.8postfix.gz:f:root:-:644
$manpage_directory/man8/nqmgr.8postfix.gz:f:root:-:644:o
$manpage_directory/man8/oqmgr.8postfix.gz:f:root:-:644:
$manpage_directory/man8/pickup.8postfix.gz:f:root:-:644
$manpage_directory/man8/pipe.8postfix.gz:f:root:-:644
$manpage_directory/man8/postlogd.8postfix.gz:f:root:-:644
$manpage_directory/man8/postfix-add-filter.8.gz:f:root:-:644
$manpage_directory/man8/postfix-add-policy.8.gz:f:root:-:644
$manpage_directory/man8/postscreen.8postfix.gz:f:root:-:644
$manpage_directory/man8/proxymap.8postfix.gz:f:root:-:644
$manpage_directory/man8/qmgr.8postfix.gz:f:root:-:644
$manpage_directory/man8/qmqpd.8postfix.gz:f:root:-:644
$manpage_directory/man8/scache.8postfix.gz:f:root:-:644
$manpage_directory/man8/showq.8postfix.gz:f:root:-:644
$manpage_directory/man8/smtp.8postfix.gz:f:root:-:644
$manpage_directory/man8/smtpd.8postfix.gz:f:root:-:644
$manpage_directory/man8/spawn.8postfix.gz:f:root:-:644
$manpage_directory/man8/tlsproxy.8postfix.gz:f:root:-:644
$manpage_directory/man8/tlsmgr.8postfix.gz:f:root:-:644
$manpage_directory/man8/trace.8postfix.gz:f:root:-:644
$manpage_directory/man8/trivial-rewrite.8postfix.gz:f:root:-:644
$manpage_directory/man8/verify.8postfix.gz:f:root:-:644
$manpage_directory/man8/virtual.8postfix.gz:f:root:-:644

2
postfix/postfix-files.d/mysql.files Normal file
View file

@ -0,0 +1,2 @@
$shlib_directory/postfix-mysql.so:f:root:-:755
$manpage_directory/man5/mysql_table.5.gz:f:root:-:644

454
postfix/postfix-script Executable file
View file

@ -0,0 +1,454 @@
#!/bin/sh
#++
# NAME
# postfix-script 1
# SUMMARY
# execute Postfix administrative commands
# SYNOPSIS
# \fBpostfix-script\fR \fIcommand\fR
# DESCRIPTION
# The \fBpostfix-script\fR script executes Postfix administrative
# commands in an environment that is set up by the \fBpostfix\fR(1)
# command.
# SEE ALSO
# master(8) Postfix master program
# postfix(1) Postfix administrative interface
# LICENSE
# .ad
# .fi
# The Secure Mailer license must be distributed with this software.
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# Wietse Venema
# Google, Inc.
# 111 8th Avenue
# New York, NY 10011, USA
#--
# Avoid POSIX death due to SIGHUP when some parent process exits.
trap '' 1
case $daemon_directory in
"") echo This script must be run by the postfix command. 1>&2
echo Do not run directly. 1>&2
exit 1
esac
LOGGER="$command_directory/postlog -t $MAIL_LOGTAG/postfix-script"
INFO="$LOGGER -p info"
WARN="$LOGGER -p warn"
ERROR="$LOGGER -p error"
FATAL="$LOGGER -p fatal"
PANIC="$LOGGER -p panic"
umask 022
SHELL=/bin/sh
#
# Can't do much without these in place.
#
cd $command_directory || {
$FATAL no Postfix command directory $command_directory!
exit 1
}
cd $daemon_directory || {
$FATAL no Postfix daemon directory $daemon_directory!
exit 1
}
test -f master || {
$FATAL no Postfix master program $daemon_directory/master!
exit 1
}
cd $config_directory || {
$FATAL no Postfix configuration directory $config_directory!
exit 1
}
case $shlib_directory in
no) ;;
*) cd $shlib_directory || {
$FATAL no Postfix shared-library directory $shlib_directory!
exit 1
}
esac
cd $meta_directory || {
$FATAL no Postfix meta directory $meta_directory!
exit 1
}
cd $queue_directory || {
$FATAL no Postfix queue directory $queue_directory!
exit 1
}
def_config_directory=`$command_directory/postconf -dh config_directory` || {
$FATAL cannot execute $command_directory/postconf!
exit 1
}
# If this is a secondary instance, don't touch shared files.
instances=`test ! -f $def_config_directory/main.cf ||
$command_directory/postconf -c $def_config_directory \
-h multi_instance_directories | sed 's/,/ /'` || {
$FATAL cannot execute $command_directory/postconf!
exit 1
}
check_shared_files=1
for name in $instances
do
case "$name" in
"$def_config_directory") ;;
"$config_directory") check_shared_files=; break;;
esac
done
#
# Parse JCL
#
case $1 in
start_msg)
echo "Start postfix"
;;
stop_msg)
echo "Stop postfix"
;;
start|start-fg)
$daemon_directory/master -t 2>/dev/null || {
$FATAL the Postfix mail system is already running
exit 1
}
if [ -f $queue_directory/quick-start ]
then
rm -f $queue_directory/quick-start
else
$daemon_directory/postfix-script check-fatal || {
$FATAL Postfix integrity check failed!
exit 1
}
# Foreground this so it can be stopped. All inodes are cached.
$daemon_directory/postfix-script check-warn
fi
$INFO starting the Postfix mail system || exit 1
case $1 in
start)
# NOTE: wait in foreground process to get the initialization status.
$daemon_directory/master -w || {
$FATAL "mail system startup failed"
exit 1
}
;;
start-fg)
# Foreground start-up is incompatible with multi-instance mode.
# Use "exec $daemon_directory/master" only if PID == 1.
# Otherwise, doing so would break process group management,
# and "postfix stop" would kill too many processes.
case $instances in
"") case $$ in
1) exec $daemon_directory/master -i
$FATAL "cannot start-fg the master daemon"
exit 1;;
*) $daemon_directory/master -s;;
esac
;;
*) $FATAL "start-fg does not support multi_instance_directories"
exit 1
;;
esac
;;
esac
;;
drain)
$daemon_directory/master -t 2>/dev/null && {
$FATAL the Postfix mail system is not running
exit 1
}
$INFO stopping the Postfix mail system
kill -9 `sed 1q pid/master.pid`
;;
quick-stop)
$daemon_directory/postfix-script stop
touch $queue_directory/quick-start
;;
stop)
$daemon_directory/master -t 2>/dev/null && {
$FATAL the Postfix mail system is not running
exit 1
}
$INFO stopping the Postfix mail system
kill `sed 1q pid/master.pid`
for i in 5 4 3 2 1
do
$daemon_directory/master -t && exit 0
$INFO waiting for the Postfix mail system to terminate
sleep 1
done
$WARN stopping the Postfix mail system with force
pid=`awk '{ print $1; exit 0 } END { exit 1 }' pid/master.pid` &&
kill -9 -$pid
;;
abort)
$daemon_directory/master -t 2>/dev/null && {
$FATAL the Postfix mail system is not running
exit 1
}
$INFO aborting the Postfix mail system
kill `sed 1q pid/master.pid`
;;
reload)
$daemon_directory/master -t 2>/dev/null && {
$FATAL the Postfix mail system is not running
exit 1
}
$INFO refreshing the Postfix mail system
$command_directory/postsuper active || exit 1
kill -HUP `sed 1q pid/master.pid`
$command_directory/postsuper &
;;
flush)
cd $queue_directory || {
$FATAL no Postfix queue directory $queue_directory!
exit 1
}
$command_directory/postqueue -f
;;
check)
$daemon_directory/postfix-script check-fatal || exit 1
$daemon_directory/postfix-script check-warn
exit 0
;;
status)
$daemon_directory/master -t 2>/dev/null && {
$INFO the Postfix mail system is not running
exit 1
}
$INFO the Postfix mail system is running: PID: `sed 1q pid/master.pid`
exit 0
;;
check-fatal)
# This command is NOT part of the public interface.
$SHELL $daemon_directory/post-install create-missing || {
$FATAL unable to create missing queue directories
exit 1
}
# Look for incomplete installations.
test -f $config_directory/master.cf || {
$FATAL no $config_directory/master.cf file found
exit 1
}
maillog_file=`$command_directory/postconf -h maillog_file` || {
$FATAL cannot execute $command_directory/postconf!
exit 1
}
test -n "$maillog_file" && {
$command_directory/postconf -M postlog/unix-dgram 2>/dev/null \
| grep . >/dev/null || {
$FATAL "missing 'postlog' service in master.cf - run 'postfix upgrade-configuration'"
exit 1
}
}
# See if all queue files are in the right place. This is slow.
# We must scan all queues for mis-named queue files before the
# mail system can run.
$command_directory/postsuper || exit 1
exit 0
;;
check-warn)
# This command is NOT part of the public interface.
# Check Postfix root-owned directory owner/permissions.
find $queue_directory/. $queue_directory/pid \
-prune ! -user root \
-exec $WARN not owned by root: {} \;
find $queue_directory/. $queue_directory/pid \
-prune \( -perm -020 -o -perm -002 \) \
-exec $WARN group or other writable: {} \;
# Check Postfix root-owned directory tree owner/permissions.
todo="$config_directory/."
test -n "$check_shared_files" && {
todo="$daemon_directory/. $meta_directory/. $todo"
test "$shlib_directory" = "no" ||
todo="$shlib_directory/. $todo"
}
todo=`echo "$todo" | tr ' ' '\12' | sort -u`
find $todo ! -user root \
-exec $WARN not owned by root: {} \;
# Handle symlinks separately
find -L $todo \( -perm -020 -o -perm -002 \) \
-exec $WARN group or other writable: {} \;
find $todo -type l | while read f; do \
# makedefs out known to be a symlink and OK
if [ "$f" != "/etc/postfix/./makedefs.out" ]; then \
readlink "$f" | grep -q / && $WARN symlink leaves directory: "$f"; \
fi \
done; \
# Check Postfix mail_owner-owned directory tree owner/permissions.
find $data_directory/. ! -user $mail_owner \
-exec $WARN not owned by $mail_owner: {} \;
find $data_directory/. \( -perm -020 -o -perm -002 \) \
-exec $WARN group or other writable: {} \;
# Check Postfix mail_owner-owned directory tree owner.
find `ls -d $queue_directory/* | \
egrep '/(saved|incoming|active|defer|deferred|bounce|hold|trace|corrupt|public|private|flush)$'` \
! \( -type p -o -type s \) ! -user $mail_owner \
-exec $WARN not owned by $mail_owner: {} \;
# WARNING: this should not descend into the maildrop directory.
# maildrop is the least trusted Postfix directory.
find $queue_directory/maildrop -prune ! -user $mail_owner \
-exec $WARN not owned by $mail_owner: $queue_directory/maildrop \;
# Check Postfix setgid_group-owned directory and file group/permissions.
todo="$queue_directory/public $queue_directory/maildrop"
test -n "$check_shared_files" &&
todo="$command_directory/postqueue $command_directory/postdrop $todo"
find $todo \
-prune ! -group $setgid_group \
-exec $WARN not owned by group $setgid_group: {} \;
test -n "$check_shared_files" &&
find $command_directory/postqueue $command_directory/postdrop \
-prune ! -perm -02111 \
-exec $WARN not set-gid or not owner+group+world executable: {} \;
# Check non-Postfix root-owned directory tree owner/content.
for dir in bin etc lib sbin usr
do
test -d $dir && {
find $dir ! -user root \
-exec $WARN not owned by root: $queue_directory/{} \;
find $dir -type f -print | while read path
do
test -f /$path && {
cmp -s $path /$path ||
$WARN $queue_directory/$path and /$path differ
}
done
}
done
find corrupt -type f -exec $WARN damaged message: {} \;
# Check for non-Postfix MTA remnants.
test -n "$check_shared_files" -a -f /usr/sbin/sendmail -a \
-f /usr/lib/sendmail && {
cmp -s /usr/sbin/sendmail /usr/lib/sendmail || {
$WARN /usr/lib/sendmail and /usr/sbin/sendmail differ
$WARN Replace one by a symbolic link to the other
}
}
exit 0
;;
set-permissions|upgrade-configuration)
$daemon_directory/post-install create-missing "$@"
;;
post-install)
# Currently not part of the public interface.
shift
$daemon_directory/post-install "$@"
;;
tls)
shift
$daemon_directory/postfix-tls-script "$@"
;;
/*)
# Currently not part of the public interface.
"$@"
;;
logrotate)
case $# in
1) ;;
*) $FATAL "usage postfix $1 (no arguments)"; exit 1;;
esac
for name in maillog_file maillog_file_compressor \
maillog_file_rotate_suffix
do
value="`$command_directory/postconf -h $name`"
case "$value" in
"") $FATAL "empty '$name' parameter value - logfile rotation failed"
exit 1;;
esac
eval $name='"$value"';
done
case "$maillog_file" in
/dev/*) $FATAL "not rotating '$maillog_file'"; exit 1;;
esac
errors=`(
suffix="\`date +$maillog_file_rotate_suffix\`" || exit 1
mv "$maillog_file" "$maillog_file.$suffix" || exit 1
$daemon_directory/master -t 2>/dev/null ||
kill -HUP \`sed 1q pid/master.pid\` || exit 1
sleep 1
"$maillog_file_compressor" "$maillog_file.$suffix" || exit 1
) 2>&1` || {
$FATAL "logfile '$maillog_file' rotation failed: $errors"
exit 1
}
;;
*)
$FATAL "unknown command: '$1'. Usage: postfix start (or stop, reload, abort, flush, check, status, set-permissions, upgrade-configuration, logrotate)"
exit 1
;;
esac

1
postfix/virtual Normal file
View file

@ -0,0 +1 @@
postmaster@toetersnoet.nl toetersnoet

5
postfix/virtual-alias-maps.conf Normal file
View file

@ -0,0 +1,5 @@
user = virtualmail
password = nusif78yadkasc8ujieaw89y
hosts = 127.0.0.1
dbname = mailserver
query = select distinct destination from vw_aliases where source='%s' or source = '@%d' and not EXISTS(select email from vw_mailboxes where email = '%s') union ALL select email as destination from vw_mailboxes where email = '%s'

5
postfix/virtual-canonical-maps.conf Normal file
View file

@ -0,0 +1,5 @@
user = virtualmail
password = nusif78yadkasc8ujieaw89y
hosts = 127.0.0.1
dbname = mailserver
query = SELECT destination, source FROM `vw_aliases` where SUBSTRING_INDEX(destination,'@',-1) not in(select domainName from domains) and source = '%s'

5
postfix/virtual-mailbox-domains.conf Normal file
View file

@ -0,0 +1,5 @@
user = virtualmail
password = nusif78yadkasc8ujieaw89y
hosts = 127.0.0.1
dbname = mailserver
query = SELECT domainName FROM domains WHERE DomainName ='%s'

5
postfix/virtual-mailbox-senders.conf Normal file
View file

@ -0,0 +1,5 @@
user = virtualmail
password = nusif78yadkasc8ujieaw89y
hosts = 127.0.0.1
dbname = mailserver
query = SELECT Email as mail FROM vw_mailboxes WHERE Email='%s'

5
postfix/virtual-mailbox-users.conf Normal file
View file

@ -0,0 +1,5 @@
user = virtualmail
password = nusif78yadkasc8ujieaw89y
hosts = 127.0.0.1
dbname = mailserver
query = SELECT mailPathRel FROM vw_mailboxes WHERE Email='%s'

BIN
postfix/virtual.db Normal file
View file

Binary file not shown.

3
postfix/vmailbox Normal file
View file

@ -0,0 +1,3 @@
job@toetersnoet.nl toetersnoet.nl/job/
test@toetersnoet.nl toetersnoet.nl/test/
bianca@toetersnoet.nl toetersnoet.nl/bianca/

BIN
postfix/vmailbox.db Normal file
View file

Binary file not shown.