mail server config updated
This commit is contained in:
parent
aabe3a1ea6
commit
cf8917a994
5689 changed files with 697529 additions and 2 deletions
|
@ -1,2 +0,0 @@
|
||||||
# mail_server
|
|
||||||
Self Hosted Email Server with postfixadmin + roundcubemail + dovecot + postfix + spamassassin
|
|
212
README.txt
Normal file
212
README.txt
Normal file
|
@ -0,0 +1,212 @@
|
||||||
|
# mail_server
|
||||||
|
Self Hosted Email Server with postfixadmin + roundcubemail + dovecot + postfix + spamassassin
|
||||||
|
|
||||||
|
|
||||||
|
#######################################################
|
||||||
|
|
||||||
|
Self Hosted Email Server with postfixadmin + roundcubemail + dovecot + postfix + spamassassin
|
||||||
|
|
||||||
|
#######################################################
|
||||||
|
|
||||||
|
# Following resources depends on your users count.
|
||||||
|
# Up to 200 users.
|
||||||
|
# Up to 20k mail flow daily mail flow handles.
|
||||||
|
RAM: 2GB with clamav scanner 4GB RAM required.
|
||||||
|
SWAP: 2X RAM
|
||||||
|
Disk: 50GB or as per your users count.
|
||||||
|
CPU: 2 or 4 core.
|
||||||
|
|
||||||
|
# OS: Centos 7
|
||||||
|
# Install required packages.
|
||||||
|
|
||||||
|
yum install -y epel-release yum-utils http://rpms.remirepo.net/enterprise/remi-release-7.rpm vim net-tools ; yum-config-manager --enable remi-php74 ; yum -y install postfix dovecot dovecot-mysql dovecot-pigeonhole mariadb-server telnet mailx wget ; yum -y install spamassassin ; yum install -y libopendkim opendkim; yum install -y postgrey spamassassin spamass-milter-postfix spamass-milter; yum install -y clamav-filesystem clamav-server clamav-update clamav-milter-systemd clamav-data clamav-server-systemd clamav-scanner-systemd clamav clamav-milter clamav-lib clamav-devel; yum install -y php php-cli php-gd php-xml php-curl php-mysql php-zip php-mbstring php-mcrypt php-fpm php-imap php-common php-pdo php-intl php-imagick; yum update -y; yum clean all;
|
||||||
|
|
||||||
|
# Enable and start mariadb service.
|
||||||
|
|
||||||
|
systemctl enable mariadb && systemctl start mariadb && systemctl status mariadb
|
||||||
|
|
||||||
|
# Disable selinux.
|
||||||
|
|
||||||
|
getenforce
|
||||||
|
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
|
||||||
|
setenforce 0
|
||||||
|
|
||||||
|
# Reboot server.
|
||||||
|
|
||||||
|
reboot
|
||||||
|
|
||||||
|
# Setup MySQL root password.
|
||||||
|
|
||||||
|
mysql_secure_installation
|
||||||
|
|
||||||
|
Configure it like this:
|
||||||
|
- Enter current password for root (enter for none): (Just Enter)
|
||||||
|
- Set root password? [Y/n] y
|
||||||
|
New password: <STRONGPASSWORD>
|
||||||
|
Re-enter new password: <STRONGPASSWORD>
|
||||||
|
Password updated successfully!
|
||||||
|
- Remove anonymous users? [Y/n] y
|
||||||
|
- Disallow root login remotely? [Y/n] y
|
||||||
|
- Remove test database and access to it? [Y/n] y
|
||||||
|
- Reload privilege tables now? [Y/n] y
|
||||||
|
|
||||||
|
# Login mysql account and create DB.
|
||||||
|
|
||||||
|
mysql -u root -p;
|
||||||
|
|
||||||
|
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'example#2345';
|
||||||
|
SELECT host, user FROM mysql.user;
|
||||||
|
|
||||||
|
CREATE DATABASE vmailadmin;
|
||||||
|
GRANT ALL PRIVILEGES ON vmailadmin.* TO 'vmailadmin'@'localhost' IDENTIFIED BY 'STRONGPASSWORD';
|
||||||
|
grant select on vmailadmin.* to 'vmailadmin'@'localhost' identified by 'STRONGPASSWORD';
|
||||||
|
FLUSH PRIVILEGES;
|
||||||
|
SELECT host, user FROM mysql.user;
|
||||||
|
exit
|
||||||
|
|
||||||
|
# Create roundcube database and user.
|
||||||
|
|
||||||
|
mysql -u root -p;
|
||||||
|
|
||||||
|
CREATE DATABASE roundcubemail CHARACTER SET utf8 COLLATE utf8_general_ci;
|
||||||
|
CREATE USER 'roundcube'@'localhost' IDENTIFIED BY 'password';
|
||||||
|
GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube'@'localhost';
|
||||||
|
FLUSH PRIVILEGES;
|
||||||
|
exit
|
||||||
|
|
||||||
|
# Create mailstore directory for store users mails in this location.
|
||||||
|
|
||||||
|
mkdir -p /mailstore/vmail
|
||||||
|
useradd -r -u 2000 -g mail -d /mailstore/vmail -s /sbin/nologin -c "MyHosted Virtual Mail User" vmail
|
||||||
|
mkdir -p /mailstore/vmail
|
||||||
|
chmod -R 770 /mailstore/vmail
|
||||||
|
chown -R vmail:mail /mailstore/vmail
|
||||||
|
|
||||||
|
# Postfix configuration.
|
||||||
|
|
||||||
|
cp -a /etc/postfix /etc/postfix_original
|
||||||
|
|
||||||
|
# Dovecot configuration.
|
||||||
|
|
||||||
|
cp -a /etc/dovecot /etc/dovecot_original
|
||||||
|
|
||||||
|
# Pull github code.
|
||||||
|
|
||||||
|
cd /root/
|
||||||
|
git clone https://github.com/harishjadhav26/mail_server.git
|
||||||
|
|
||||||
|
# Remove postfix and dovecot config.
|
||||||
|
|
||||||
|
rm -rf /etc/postfix
|
||||||
|
|
||||||
|
rm -rf /etc/dovecot
|
||||||
|
|
||||||
|
# Copy postfix and dovecot new config files.
|
||||||
|
|
||||||
|
cp -a /root/mail_server/postfix /etc/postfix
|
||||||
|
|
||||||
|
cp -a /root/mail_server/dovecot /etc/dovecot
|
||||||
|
|
||||||
|
# Copy postfixadmin and roundcubemail configuration in html.
|
||||||
|
|
||||||
|
cp -a /root/mail_server/postfixadmin /var/www/html/
|
||||||
|
|
||||||
|
cp -a /root/mail_server/roundcubemail /var/www/html/
|
||||||
|
|
||||||
|
# Import postfixadmin and roundcubemail DB.
|
||||||
|
|
||||||
|
mysql -u root -p vmailadmin < /root/mail_server/vmailadmin.sql
|
||||||
|
mysql -u root -p roundcubemail < /root/mail_server/roundcubemail.sql
|
||||||
|
|
||||||
|
# Copy dovecot quota script.
|
||||||
|
|
||||||
|
cp /root/mail_server/quota-warning.sh /usr/local/bin/quota-warning.sh
|
||||||
|
|
||||||
|
# configure SpamAssassin.
|
||||||
|
|
||||||
|
cp /etc/mail/spamassassin/local.cf /etc/mail/spamassassin/local.cf_original
|
||||||
|
|
||||||
|
cp /root/mail_server/local.cf /etc/mail/spamassassin/local.cf
|
||||||
|
|
||||||
|
# PHP config file.
|
||||||
|
|
||||||
|
cp /etc/php.ini /etc/php.ini_original
|
||||||
|
|
||||||
|
cp /root/mail_server/php.ini /etc/php.ini
|
||||||
|
|
||||||
|
# Add new user to run SpamAssassin. ** -g = add to group spamd, -s /bin/false = No shell (does not mean, cannot access via SSH!), -d = home dir **
|
||||||
|
|
||||||
|
groupadd spamd
|
||||||
|
useradd -g spamd -s /bin/false -d /var/log/spamassassin spamd
|
||||||
|
chown -R spamd:spamd /var/log/spamassassin
|
||||||
|
|
||||||
|
# Update the spam rules by running
|
||||||
|
|
||||||
|
time sa-update
|
||||||
|
|
||||||
|
# Update ownership to dovecot and postfix files.
|
||||||
|
|
||||||
|
touch /etc/postfix/sasl_passwd
|
||||||
|
touch /var/lib/postfix/smtpd_scache
|
||||||
|
postmap /etc/postfix/sasl_passwd
|
||||||
|
postmap /etc/postfix/master.cf
|
||||||
|
postmap /etc/postfix/main.cf
|
||||||
|
postmap /etc/postfix/sql/*.cf
|
||||||
|
postmap /etc/postfix/header_checks
|
||||||
|
postmap /etc/postfix/transport
|
||||||
|
|
||||||
|
# Update files permission.
|
||||||
|
|
||||||
|
chown -R root:postfix /etc/postfix/sql/*
|
||||||
|
sudo chmod 0640 /etc/postfix/sql/*
|
||||||
|
chown -R postfix. /var/lib/postfix/smtpd_scache
|
||||||
|
|
||||||
|
# Dovecot config permission and ownership update.
|
||||||
|
|
||||||
|
chown -R vmail.mail /var/run/dovecot/dict
|
||||||
|
|
||||||
|
# Update postfixadmin and roundcubemail configuration.
|
||||||
|
|
||||||
|
chown -R apache. /var/www/html/*
|
||||||
|
|
||||||
|
# Send mail from command line.
|
||||||
|
|
||||||
|
echo "hello" | mail -r harish@example.com -s "test sub" postmaster@example.com
|
||||||
|
|
||||||
|
# Service restart.
|
||||||
|
|
||||||
|
systemctl enable mariadb dovecot postfix httpd spamassassin php-fpm
|
||||||
|
systemctl restart mariadb dovecot postfix httpd spamassassin php-fpm
|
||||||
|
systemctl status mariadb dovecot postfix httpd spamassassin php-fpm
|
||||||
|
|
||||||
|
# Default password:
|
||||||
|
PostfixadminDB:
|
||||||
|
MySQL USER: vmailadmin
|
||||||
|
Password: STRONGPASSWORD
|
||||||
|
|
||||||
|
RoundcubemailDB:
|
||||||
|
MySQL User: roundcube
|
||||||
|
Password: password
|
||||||
|
|
||||||
|
Postfixadmin:
|
||||||
|
Superadmin User: postmaster@example.com
|
||||||
|
Password: password#123
|
||||||
|
|
||||||
|
Roundcubemail:
|
||||||
|
User: postmaster@example.com
|
||||||
|
Password: password#123
|
||||||
|
|
||||||
|
# Reset User PAssword from DB and Set in Postfixadmin, Roundcubemail, Postfix and Dovecot.
|
||||||
|
|
||||||
|
sed -i 's/password = postfixadmin_password/password = STRONGPASSWORD/g' /etc/postfix/sql/*.cf
|
||||||
|
|
||||||
|
# Quota update for all domain users.
|
||||||
|
doveadm quota recalc -u *@*
|
||||||
|
|
||||||
|
# Quota verify.
|
||||||
|
sudo doveadm quota get -A
|
||||||
|
|
||||||
|
# Clamav anti-virus.
|
||||||
|
https://www.snel.com/support/clamav-anti-virus-for-postfix-on-plesk-obsidian-on-centos-7/
|
||||||
|
|
||||||
|
|
131
dovecot/conf.d/10-auth.conf
Normal file
131
dovecot/conf.d/10-auth.conf
Normal file
|
@ -0,0 +1,131 @@
|
||||||
|
##
|
||||||
|
## Authentication processes
|
||||||
|
##
|
||||||
|
|
||||||
|
# Disable LOGIN command and all other plaintext authentications unless
|
||||||
|
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
|
||||||
|
# matches the local IP (ie. you're connecting from the same computer), the
|
||||||
|
# connection is considered secure and plaintext authentication is allowed.
|
||||||
|
# See also ssl=required setting.
|
||||||
|
disable_plaintext_auth = no
|
||||||
|
|
||||||
|
# Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
|
||||||
|
# bsdauth, PAM and vpopmail require cache_key to be set for caching to be used.
|
||||||
|
#auth_cache_size = 0
|
||||||
|
# Time to live for cached data. After TTL expires the cached record is no
|
||||||
|
# longer used, *except* if the main database lookup returns internal failure.
|
||||||
|
# We also try to handle password changes automatically: If user's previous
|
||||||
|
# authentication was successful, but this one wasn't, the cache isn't used.
|
||||||
|
# For now this works only with plaintext authentication.
|
||||||
|
#auth_cache_ttl = 1 hour
|
||||||
|
# TTL for negative hits (user not found, password mismatch).
|
||||||
|
# 0 disables caching them completely.
|
||||||
|
#auth_cache_negative_ttl = 1 hour
|
||||||
|
|
||||||
|
# Space separated list of realms for SASL authentication mechanisms that need
|
||||||
|
# them. You can leave it empty if you don't want to support multiple realms.
|
||||||
|
# Many clients simply use the first one listed here, so keep the default realm
|
||||||
|
# first.
|
||||||
|
#auth_realms =
|
||||||
|
|
||||||
|
# Default realm/domain to use if none was specified. This is used for both
|
||||||
|
# SASL realms and appending @domain to username in plaintext logins.
|
||||||
|
#auth_default_realm =
|
||||||
|
|
||||||
|
# List of allowed characters in username. If the user-given username contains
|
||||||
|
# a character not listed in here, the login automatically fails. This is just
|
||||||
|
# an extra check to make sure user can't exploit any potential quote escaping
|
||||||
|
# vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
|
||||||
|
# set this value to empty.
|
||||||
|
#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
|
||||||
|
|
||||||
|
# Username character translations before it's looked up from databases. The
|
||||||
|
# value contains series of from -> to characters. For example "#@/@" means
|
||||||
|
# that '#' and '/' characters are translated to '@'.
|
||||||
|
#auth_username_translation =
|
||||||
|
|
||||||
|
# Username formatting before it's looked up from databases. You can use
|
||||||
|
# the standard variables here, eg. %Lu would lowercase the username, %n would
|
||||||
|
# drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
|
||||||
|
# "-AT-". This translation is done after auth_username_translation changes.
|
||||||
|
auth_username_format = %u
|
||||||
|
|
||||||
|
# If you want to allow master users to log in by specifying the master
|
||||||
|
# username within the normal username string (ie. not using SASL mechanism's
|
||||||
|
# support for it), you can specify the separator character here. The format
|
||||||
|
# is then <username><separator><master username>. UW-IMAP uses "*" as the
|
||||||
|
# separator, so that could be a good choice.
|
||||||
|
#auth_master_user_separator =
|
||||||
|
|
||||||
|
# Username to use for users logging in with ANONYMOUS SASL mechanism
|
||||||
|
#auth_anonymous_username = anonymous
|
||||||
|
|
||||||
|
# Maximum number of dovecot-auth worker processes. They're used to execute
|
||||||
|
# blocking passdb and userdb queries (eg. MySQL and PAM). They're
|
||||||
|
# automatically created and destroyed as needed.
|
||||||
|
#auth_worker_max_count = 30
|
||||||
|
|
||||||
|
# Host name to use in GSSAPI principal names. The default is to use the
|
||||||
|
# name returned by gethostname(). Use "$ALL" (with quotes) to allow all keytab
|
||||||
|
# entries.
|
||||||
|
#auth_gssapi_hostname =
|
||||||
|
|
||||||
|
# Kerberos keytab to use for the GSSAPI mechanism. Will use the system
|
||||||
|
# default (usually /etc/krb5.keytab) if not specified. You may need to change
|
||||||
|
# the auth service to run as root to be able to read this file.
|
||||||
|
#auth_krb5_keytab =
|
||||||
|
|
||||||
|
# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
|
||||||
|
# ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>
|
||||||
|
#auth_use_winbind = no
|
||||||
|
|
||||||
|
# Path for Samba's ntlm_auth helper binary.
|
||||||
|
#auth_winbind_helper_path = /usr/bin/ntlm_auth
|
||||||
|
|
||||||
|
# Time to delay before replying to failed authentications.
|
||||||
|
#auth_failure_delay = 2 secs
|
||||||
|
|
||||||
|
# Require a valid SSL client certificate or the authentication fails.
|
||||||
|
#auth_ssl_require_client_cert = no
|
||||||
|
|
||||||
|
# Take the username from client's SSL certificate, using
|
||||||
|
# X509_NAME_get_text_by_NID() which returns the subject's DN's
|
||||||
|
# CommonName.
|
||||||
|
#auth_ssl_username_from_cert = no
|
||||||
|
|
||||||
|
# Space separated list of wanted authentication mechanisms:
|
||||||
|
# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
|
||||||
|
# gss-spnego
|
||||||
|
# NOTE: See also disable_plaintext_auth setting.
|
||||||
|
auth_mechanisms = plain login
|
||||||
|
|
||||||
|
##
|
||||||
|
## Password and user databases
|
||||||
|
##
|
||||||
|
|
||||||
|
#
|
||||||
|
# Password database is used to verify user's password (and nothing more).
|
||||||
|
# You can have multiple passdbs and userdbs. This is useful if you want to
|
||||||
|
# allow both system users (/etc/passwd) and virtual users to login without
|
||||||
|
# duplicating the system users into virtual database.
|
||||||
|
#
|
||||||
|
# <doc/wiki/PasswordDatabase.txt>
|
||||||
|
#
|
||||||
|
# User database specifies where mails are located and what user/group IDs
|
||||||
|
# own them. For single-UID configuration use "static" userdb.
|
||||||
|
#
|
||||||
|
# <doc/wiki/UserDatabase.txt>
|
||||||
|
|
||||||
|
#!include auth-deny.conf.ext
|
||||||
|
#!include auth-master.conf.ext
|
||||||
|
|
||||||
|
#!include auth-system.conf.ext
|
||||||
|
!include auth-sql.conf.ext
|
||||||
|
#!include auth-ldap.conf.ext
|
||||||
|
#!include auth-passwdfile.conf.ext
|
||||||
|
#!include auth-checkpassword.conf.ext
|
||||||
|
#!include auth-vpopmail.conf.ext
|
||||||
|
#!include auth-static.conf.ext
|
||||||
|
|
||||||
|
auth_debug = yes
|
||||||
|
auth_debug_passwords = yes
|
128
dovecot/conf.d/10-auth.conf_original
Normal file
128
dovecot/conf.d/10-auth.conf_original
Normal file
|
@ -0,0 +1,128 @@
|
||||||
|
##
|
||||||
|
## Authentication processes
|
||||||
|
##
|
||||||
|
|
||||||
|
# Disable LOGIN command and all other plaintext authentications unless
|
||||||
|
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
|
||||||
|
# matches the local IP (ie. you're connecting from the same computer), the
|
||||||
|
# connection is considered secure and plaintext authentication is allowed.
|
||||||
|
# See also ssl=required setting.
|
||||||
|
#disable_plaintext_auth = yes
|
||||||
|
|
||||||
|
# Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
|
||||||
|
# bsdauth, PAM and vpopmail require cache_key to be set for caching to be used.
|
||||||
|
#auth_cache_size = 0
|
||||||
|
# Time to live for cached data. After TTL expires the cached record is no
|
||||||
|
# longer used, *except* if the main database lookup returns internal failure.
|
||||||
|
# We also try to handle password changes automatically: If user's previous
|
||||||
|
# authentication was successful, but this one wasn't, the cache isn't used.
|
||||||
|
# For now this works only with plaintext authentication.
|
||||||
|
#auth_cache_ttl = 1 hour
|
||||||
|
# TTL for negative hits (user not found, password mismatch).
|
||||||
|
# 0 disables caching them completely.
|
||||||
|
#auth_cache_negative_ttl = 1 hour
|
||||||
|
|
||||||
|
# Space separated list of realms for SASL authentication mechanisms that need
|
||||||
|
# them. You can leave it empty if you don't want to support multiple realms.
|
||||||
|
# Many clients simply use the first one listed here, so keep the default realm
|
||||||
|
# first.
|
||||||
|
#auth_realms =
|
||||||
|
|
||||||
|
# Default realm/domain to use if none was specified. This is used for both
|
||||||
|
# SASL realms and appending @domain to username in plaintext logins.
|
||||||
|
#auth_default_realm =
|
||||||
|
|
||||||
|
# List of allowed characters in username. If the user-given username contains
|
||||||
|
# a character not listed in here, the login automatically fails. This is just
|
||||||
|
# an extra check to make sure user can't exploit any potential quote escaping
|
||||||
|
# vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
|
||||||
|
# set this value to empty.
|
||||||
|
#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
|
||||||
|
|
||||||
|
# Username character translations before it's looked up from databases. The
|
||||||
|
# value contains series of from -> to characters. For example "#@/@" means
|
||||||
|
# that '#' and '/' characters are translated to '@'.
|
||||||
|
#auth_username_translation =
|
||||||
|
|
||||||
|
# Username formatting before it's looked up from databases. You can use
|
||||||
|
# the standard variables here, eg. %Lu would lowercase the username, %n would
|
||||||
|
# drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
|
||||||
|
# "-AT-". This translation is done after auth_username_translation changes.
|
||||||
|
#auth_username_format = %Lu
|
||||||
|
|
||||||
|
# If you want to allow master users to log in by specifying the master
|
||||||
|
# username within the normal username string (ie. not using SASL mechanism's
|
||||||
|
# support for it), you can specify the separator character here. The format
|
||||||
|
# is then <username><separator><master username>. UW-IMAP uses "*" as the
|
||||||
|
# separator, so that could be a good choice.
|
||||||
|
#auth_master_user_separator =
|
||||||
|
|
||||||
|
# Username to use for users logging in with ANONYMOUS SASL mechanism
|
||||||
|
#auth_anonymous_username = anonymous
|
||||||
|
|
||||||
|
# Maximum number of dovecot-auth worker processes. They're used to execute
|
||||||
|
# blocking passdb and userdb queries (eg. MySQL and PAM). They're
|
||||||
|
# automatically created and destroyed as needed.
|
||||||
|
#auth_worker_max_count = 30
|
||||||
|
|
||||||
|
# Host name to use in GSSAPI principal names. The default is to use the
|
||||||
|
# name returned by gethostname(). Use "$ALL" (with quotes) to allow all keytab
|
||||||
|
# entries.
|
||||||
|
#auth_gssapi_hostname =
|
||||||
|
|
||||||
|
# Kerberos keytab to use for the GSSAPI mechanism. Will use the system
|
||||||
|
# default (usually /etc/krb5.keytab) if not specified. You may need to change
|
||||||
|
# the auth service to run as root to be able to read this file.
|
||||||
|
#auth_krb5_keytab =
|
||||||
|
|
||||||
|
# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
|
||||||
|
# ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>
|
||||||
|
#auth_use_winbind = no
|
||||||
|
|
||||||
|
# Path for Samba's ntlm_auth helper binary.
|
||||||
|
#auth_winbind_helper_path = /usr/bin/ntlm_auth
|
||||||
|
|
||||||
|
# Time to delay before replying to failed authentications.
|
||||||
|
#auth_failure_delay = 2 secs
|
||||||
|
|
||||||
|
# Require a valid SSL client certificate or the authentication fails.
|
||||||
|
#auth_ssl_require_client_cert = no
|
||||||
|
|
||||||
|
# Take the username from client's SSL certificate, using
|
||||||
|
# X509_NAME_get_text_by_NID() which returns the subject's DN's
|
||||||
|
# CommonName.
|
||||||
|
#auth_ssl_username_from_cert = no
|
||||||
|
|
||||||
|
# Space separated list of wanted authentication mechanisms:
|
||||||
|
# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
|
||||||
|
# gss-spnego
|
||||||
|
# NOTE: See also disable_plaintext_auth setting.
|
||||||
|
auth_mechanisms = plain
|
||||||
|
|
||||||
|
##
|
||||||
|
## Password and user databases
|
||||||
|
##
|
||||||
|
|
||||||
|
#
|
||||||
|
# Password database is used to verify user's password (and nothing more).
|
||||||
|
# You can have multiple passdbs and userdbs. This is useful if you want to
|
||||||
|
# allow both system users (/etc/passwd) and virtual users to login without
|
||||||
|
# duplicating the system users into virtual database.
|
||||||
|
#
|
||||||
|
# <doc/wiki/PasswordDatabase.txt>
|
||||||
|
#
|
||||||
|
# User database specifies where mails are located and what user/group IDs
|
||||||
|
# own them. For single-UID configuration use "static" userdb.
|
||||||
|
#
|
||||||
|
# <doc/wiki/UserDatabase.txt>
|
||||||
|
|
||||||
|
#!include auth-deny.conf.ext
|
||||||
|
#!include auth-master.conf.ext
|
||||||
|
|
||||||
|
!include auth-system.conf.ext
|
||||||
|
#!include auth-sql.conf.ext
|
||||||
|
#!include auth-ldap.conf.ext
|
||||||
|
#!include auth-passwdfile.conf.ext
|
||||||
|
#!include auth-checkpassword.conf.ext
|
||||||
|
#!include auth-vpopmail.conf.ext
|
||||||
|
#!include auth-static.conf.ext
|
61
dovecot/conf.d/10-director.conf
Normal file
61
dovecot/conf.d/10-director.conf
Normal file
|
@ -0,0 +1,61 @@
|
||||||
|
##
|
||||||
|
## Director-specific settings.
|
||||||
|
##
|
||||||
|
|
||||||
|
# Director can be used by Dovecot proxy to keep a temporary user -> mail server
|
||||||
|
# mapping. As long as user has simultaneous connections, the user is always
|
||||||
|
# redirected to the same server. Each proxy server is running its own director
|
||||||
|
# process, and the directors are communicating the state to each others.
|
||||||
|
# Directors are mainly useful with NFS-like setups.
|
||||||
|
|
||||||
|
# List of IPs or hostnames to all director servers, including ourself.
|
||||||
|
# Ports can be specified as ip:port. The default port is the same as
|
||||||
|
# what director service's inet_listener is using.
|
||||||
|
#director_servers =
|
||||||
|
|
||||||
|
# List of IPs or hostnames to all backend mail servers. Ranges are allowed
|
||||||
|
# too, like 10.0.0.10-10.0.0.30.
|
||||||
|
#director_mail_servers =
|
||||||
|
|
||||||
|
# How long to redirect users to a specific server after it no longer has
|
||||||
|
# any connections.
|
||||||
|
#director_user_expire = 15 min
|
||||||
|
|
||||||
|
# TCP/IP port that accepts doveadm connections (instead of director connections)
|
||||||
|
# If you enable this, you'll also need to add inet_listener for the port.
|
||||||
|
#director_doveadm_port = 0
|
||||||
|
|
||||||
|
# How the username is translated before being hashed. Useful values include
|
||||||
|
# %Ln if user can log in with or without @domain, %Ld if mailboxes are shared
|
||||||
|
# within domain.
|
||||||
|
#director_username_hash = %Lu
|
||||||
|
|
||||||
|
# To enable director service, uncomment the modes and assign a port.
|
||||||
|
service director {
|
||||||
|
unix_listener login/director {
|
||||||
|
#mode = 0666
|
||||||
|
}
|
||||||
|
fifo_listener login/proxy-notify {
|
||||||
|
#mode = 0666
|
||||||
|
}
|
||||||
|
unix_listener director-userdb {
|
||||||
|
#mode = 0600
|
||||||
|
}
|
||||||
|
inet_listener {
|
||||||
|
#port =
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Enable director for the wanted login services by telling them to
|
||||||
|
# connect to director socket instead of the default login socket:
|
||||||
|
service imap-login {
|
||||||
|
#executable = imap-login director
|
||||||
|
}
|
||||||
|
service pop3-login {
|
||||||
|
#executable = pop3-login director
|
||||||
|
}
|
||||||
|
|
||||||
|
# Enable director for LMTP proxying:
|
||||||
|
protocol lmtp {
|
||||||
|
#auth_socket_path = director-userdb
|
||||||
|
}
|
89
dovecot/conf.d/10-logging.conf
Normal file
89
dovecot/conf.d/10-logging.conf
Normal file
|
@ -0,0 +1,89 @@
|
||||||
|
##
|
||||||
|
## Log destination.
|
||||||
|
##
|
||||||
|
|
||||||
|
# Log file to use for error messages. "syslog" logs to syslog,
|
||||||
|
# /dev/stderr logs to stderr.
|
||||||
|
log_path = /var/log/dovecot.log
|
||||||
|
|
||||||
|
# Log file to use for informational messages. Defaults to log_path.
|
||||||
|
#info_log_path =
|
||||||
|
# Log file to use for debug messages. Defaults to info_log_path.
|
||||||
|
#debug_log_path =
|
||||||
|
|
||||||
|
# Syslog facility to use if you're logging to syslog. Usually if you don't
|
||||||
|
# want to use "mail", you'll use local0..local7. Also other standard
|
||||||
|
# facilities are supported.
|
||||||
|
#syslog_facility = mail
|
||||||
|
|
||||||
|
##
|
||||||
|
## Logging verbosity and debugging.
|
||||||
|
##
|
||||||
|
|
||||||
|
# Log unsuccessful authentication attempts and the reasons why they failed.
|
||||||
|
#auth_verbose = no
|
||||||
|
|
||||||
|
# In case of password mismatches, log the attempted password. Valid values are
|
||||||
|
# no, plain and sha1. sha1 can be useful for detecting brute force password
|
||||||
|
# attempts vs. user simply trying the same password over and over again.
|
||||||
|
# You can also truncate the value to n chars by appending ":n" (e.g. sha1:6).
|
||||||
|
#auth_verbose_passwords = no
|
||||||
|
|
||||||
|
# Even more verbose logging for debugging purposes. Shows for example SQL
|
||||||
|
# queries.
|
||||||
|
#auth_debug = no
|
||||||
|
|
||||||
|
# In case of password mismatches, log the passwords and used scheme so the
|
||||||
|
# problem can be debugged. Enabling this also enables auth_debug.
|
||||||
|
#auth_debug_passwords = no
|
||||||
|
|
||||||
|
# Enable mail process debugging. This can help you figure out why Dovecot
|
||||||
|
# isn't finding your mails.
|
||||||
|
#mail_debug = no
|
||||||
|
|
||||||
|
# Show protocol level SSL errors.
|
||||||
|
#verbose_ssl = no
|
||||||
|
|
||||||
|
# mail_log plugin provides more event logging for mail processes.
|
||||||
|
plugin {
|
||||||
|
# Events to log. Also available: flag_change append
|
||||||
|
#mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
|
||||||
|
# Available fields: uid, box, msgid, from, subject, size, vsize, flags
|
||||||
|
# size and vsize are available only for expunge and copy events.
|
||||||
|
#mail_log_fields = uid box msgid size
|
||||||
|
}
|
||||||
|
|
||||||
|
##
|
||||||
|
## Log formatting.
|
||||||
|
##
|
||||||
|
|
||||||
|
# Prefix for each line written to log file. % codes are in strftime(3)
|
||||||
|
# format.
|
||||||
|
#log_timestamp = "%b %d %H:%M:%S "
|
||||||
|
|
||||||
|
# Space-separated list of elements we want to log. The elements which have
|
||||||
|
# a non-empty variable value are joined together to form a comma-separated
|
||||||
|
# string.
|
||||||
|
#login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
|
||||||
|
|
||||||
|
# Login log format. %s contains login_log_format_elements string, %$ contains
|
||||||
|
# the data we want to log.
|
||||||
|
#login_log_format = %$: %s
|
||||||
|
|
||||||
|
# Log prefix for mail processes. See doc/wiki/Variables.txt for list of
|
||||||
|
# possible variables you can use.
|
||||||
|
#mail_log_prefix = "%s(%u): "
|
||||||
|
|
||||||
|
# Format to use for logging mail deliveries:
|
||||||
|
# %$ - Delivery status message (e.g. "saved to INBOX")
|
||||||
|
# %m / %{msgid} - Message-ID
|
||||||
|
# %s / %{subject} - Subject
|
||||||
|
# %f / %{from} - From address
|
||||||
|
# %p / %{size} - Physical size
|
||||||
|
# %w / %{vsize} - Virtual size
|
||||||
|
# %e / %{from_envelope} - MAIL FROM envelope
|
||||||
|
# %{to_envelope} - RCPT TO envelope
|
||||||
|
# %{delivery_time} - How many milliseconds it took to deliver the mail
|
||||||
|
# %{session_time} - How long LMTP session took, not including delivery_time
|
||||||
|
# %{storage_id} - Backend-specific ID for mail, e.g. Maildir filename
|
||||||
|
#deliver_log_format = msgid=%m: %$
|
413
dovecot/conf.d/10-mail.conf
Normal file
413
dovecot/conf.d/10-mail.conf
Normal file
|
@ -0,0 +1,413 @@
|
||||||
|
##
|
||||||
|
## Mailbox locations and namespaces
|
||||||
|
##
|
||||||
|
|
||||||
|
# Location for users' mailboxes. The default is empty, which means that Dovecot
|
||||||
|
# tries to find the mailboxes automatically. This won't work if the user
|
||||||
|
# doesn't yet have any mail, so you should explicitly tell Dovecot the full
|
||||||
|
# location.
|
||||||
|
#
|
||||||
|
# If you're using mbox, giving a path to the INBOX file (eg. /var/mail/%u)
|
||||||
|
# isn't enough. You'll also need to tell Dovecot where the other mailboxes are
|
||||||
|
# kept. This is called the "root mail directory", and it must be the first
|
||||||
|
# path given in the mail_location setting.
|
||||||
|
#
|
||||||
|
# There are a few special variables you can use, eg.:
|
||||||
|
#
|
||||||
|
# %u - username
|
||||||
|
# %n - user part in user@domain, same as %u if there's no domain
|
||||||
|
# %d - domain part in user@domain, empty if there's no domain
|
||||||
|
# %h - home directory
|
||||||
|
#
|
||||||
|
# See doc/wiki/Variables.txt for full list. Some examples:
|
||||||
|
#
|
||||||
|
# mail_location = maildir:~/Maildir
|
||||||
|
# mail_location = mbox:~/mail:INBOX=/var/mail/%u
|
||||||
|
# mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n
|
||||||
|
#
|
||||||
|
# <doc/wiki/MailLocation.txt>
|
||||||
|
#
|
||||||
|
mail_location = mdbox:~/mbox:INDEX=~/mbox/indexes:ALT=/altmailstore/vmail/%d/%n/mdbox
|
||||||
|
mail_home = /mailstore/vmail/%d/%n
|
||||||
|
|
||||||
|
# If you need to set multiple mailbox locations or want to change default
|
||||||
|
# namespace settings, you can do it by defining namespace sections.
|
||||||
|
#
|
||||||
|
# You can have private, shared and public namespaces. Private namespaces
|
||||||
|
# are for user's personal mails. Shared namespaces are for accessing other
|
||||||
|
# users' mailboxes that have been shared. Public namespaces are for shared
|
||||||
|
# mailboxes that are managed by sysadmin. If you create any shared or public
|
||||||
|
# namespaces you'll typically want to enable ACL plugin also, otherwise all
|
||||||
|
# users can access all the shared mailboxes, assuming they have permissions
|
||||||
|
# on filesystem level to do so.
|
||||||
|
namespace inbox {
|
||||||
|
# Namespace type: private, shared or public
|
||||||
|
#type = private
|
||||||
|
|
||||||
|
# Hierarchy separator to use. You should use the same separator for all
|
||||||
|
# namespaces or some clients get confused. '/' is usually a good one.
|
||||||
|
# The default however depends on the underlying mail storage format.
|
||||||
|
#separator =
|
||||||
|
|
||||||
|
# Prefix required to access this namespace. This needs to be different for
|
||||||
|
# all namespaces. For example "Public/".
|
||||||
|
#prefix =
|
||||||
|
|
||||||
|
# Physical location of the mailbox. This is in same format as
|
||||||
|
# mail_location, which is also the default for it.
|
||||||
|
#location =
|
||||||
|
|
||||||
|
# There can be only one INBOX, and this setting defines which namespace
|
||||||
|
# has it.
|
||||||
|
inbox = yes
|
||||||
|
|
||||||
|
# If namespace is hidden, it's not advertised to clients via NAMESPACE
|
||||||
|
# extension. You'll most likely also want to set list=no. This is mostly
|
||||||
|
# useful when converting from another server with different namespaces which
|
||||||
|
# you want to deprecate but still keep working. For example you can create
|
||||||
|
# hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/".
|
||||||
|
#hidden = no
|
||||||
|
|
||||||
|
# Show the mailboxes under this namespace with LIST command. This makes the
|
||||||
|
# namespace visible for clients that don't support NAMESPACE extension.
|
||||||
|
# "children" value lists child mailboxes, but hides the namespace prefix.
|
||||||
|
#list = yes
|
||||||
|
|
||||||
|
# Namespace handles its own subscriptions. If set to "no", the parent
|
||||||
|
# namespace handles them (empty prefix should always have this as "yes")
|
||||||
|
#subscriptions = yes
|
||||||
|
|
||||||
|
# See 15-mailboxes.conf for definitions of special mailboxes.
|
||||||
|
}
|
||||||
|
|
||||||
|
# Example shared namespace configuration
|
||||||
|
#namespace {
|
||||||
|
#type = shared
|
||||||
|
#separator = /
|
||||||
|
|
||||||
|
# Mailboxes are visible under "shared/user@domain/"
|
||||||
|
# %%n, %%d and %%u are expanded to the destination user.
|
||||||
|
#prefix = shared/%%u/
|
||||||
|
|
||||||
|
# Mail location for other users' mailboxes. Note that %variables and ~/
|
||||||
|
# expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the
|
||||||
|
# destination user's data.
|
||||||
|
#location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
|
||||||
|
|
||||||
|
# Use the default namespace for saving subscriptions.
|
||||||
|
#subscriptions = no
|
||||||
|
|
||||||
|
# List the shared/ namespace only if there are visible shared mailboxes.
|
||||||
|
#list = children
|
||||||
|
#}
|
||||||
|
# Should shared INBOX be visible as "shared/user" or "shared/user/INBOX"?
|
||||||
|
#mail_shared_explicit_inbox = no
|
||||||
|
|
||||||
|
# System user and group used to access mails. If you use multiple, userdb
|
||||||
|
# can override these by returning uid or gid fields. You can use either numbers
|
||||||
|
# or names. <doc/wiki/UserIds.txt>
|
||||||
|
mail_uid = 2000
|
||||||
|
mail_gid = 12
|
||||||
|
|
||||||
|
# Group to enable temporarily for privileged operations. Currently this is
|
||||||
|
# used only with INBOX when either its initial creation or dotlocking fails.
|
||||||
|
# Typically this is set to "mail" to give access to /var/mail.
|
||||||
|
mail_privileged_group = mail
|
||||||
|
|
||||||
|
# Grant access to these supplementary groups for mail processes. Typically
|
||||||
|
# these are used to set up access to shared mailboxes. Note that it may be
|
||||||
|
# dangerous to set these if users can create symlinks (e.g. if "mail" group is
|
||||||
|
# set here, ln -s /var/mail ~/mail/var could allow a user to delete others'
|
||||||
|
# mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it).
|
||||||
|
#mail_access_groups =
|
||||||
|
|
||||||
|
# Allow full filesystem access to clients. There's no access checks other than
|
||||||
|
# what the operating system does for the active UID/GID. It works with both
|
||||||
|
# maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/
|
||||||
|
# or ~user/.
|
||||||
|
#mail_full_filesystem_access = no
|
||||||
|
|
||||||
|
# Dictionary for key=value mailbox attributes. This is used for example by
|
||||||
|
# URLAUTH and METADATA extensions.
|
||||||
|
#mail_attribute_dict =
|
||||||
|
|
||||||
|
# A comment or note that is associated with the server. This value is
|
||||||
|
# accessible for authenticated users through the IMAP METADATA server
|
||||||
|
# entry "/shared/comment".
|
||||||
|
#mail_server_comment = ""
|
||||||
|
|
||||||
|
# Indicates a method for contacting the server administrator. According to
|
||||||
|
# RFC 5464, this value MUST be a URI (e.g., a mailto: or tel: URL), but that
|
||||||
|
# is currently not enforced. Use for example mailto:admin@example.com. This
|
||||||
|
# value is accessible for authenticated users through the IMAP METADATA server
|
||||||
|
# entry "/shared/admin".
|
||||||
|
#mail_server_admin =
|
||||||
|
|
||||||
|
##
|
||||||
|
## Mail processes
|
||||||
|
##
|
||||||
|
|
||||||
|
# Don't use mmap() at all. This is required if you store indexes to shared
|
||||||
|
# filesystems (NFS or clustered filesystem).
|
||||||
|
#mmap_disable = no
|
||||||
|
|
||||||
|
# Rely on O_EXCL to work when creating dotlock files. NFS supports O_EXCL
|
||||||
|
# since version 3, so this should be safe to use nowadays by default.
|
||||||
|
#dotlock_use_excl = yes
|
||||||
|
|
||||||
|
# When to use fsync() or fdatasync() calls:
|
||||||
|
# optimized (default): Whenever necessary to avoid losing important data
|
||||||
|
# always: Useful with e.g. NFS when write()s are delayed
|
||||||
|
# never: Never use it (best performance, but crashes can lose data)
|
||||||
|
#mail_fsync = optimized
|
||||||
|
|
||||||
|
# Locking method for index files. Alternatives are fcntl, flock and dotlock.
|
||||||
|
# Dotlocking uses some tricks which may create more disk I/O than other locking
|
||||||
|
# methods. NFS users: flock doesn't work, remember to change mmap_disable.
|
||||||
|
#lock_method = fcntl
|
||||||
|
|
||||||
|
# Directory in which LDA/LMTP temporarily stores incoming mails >128 kB.
|
||||||
|
#mail_temp_dir = /tmp
|
||||||
|
|
||||||
|
# Valid UID range for users, defaults to 500 and above. This is mostly
|
||||||
|
# to make sure that users can't log in as daemons or other system users.
|
||||||
|
# Note that denying root logins is hardcoded to dovecot binary and can't
|
||||||
|
# be done even if first_valid_uid is set to 0.
|
||||||
|
first_valid_uid = 2000
|
||||||
|
last_valid_uid = 2000
|
||||||
|
|
||||||
|
# Valid GID range for users, defaults to non-root/wheel. Users having
|
||||||
|
# non-valid GID as primary group ID aren't allowed to log in. If user
|
||||||
|
# belongs to supplementary groups with non-valid GIDs, those groups are
|
||||||
|
# not set.
|
||||||
|
first_valid_gid = 12
|
||||||
|
last_valid_gid = 12
|
||||||
|
|
||||||
|
# Maximum allowed length for mail keyword name. It's only forced when trying
|
||||||
|
# to create new keywords.
|
||||||
|
#mail_max_keyword_length = 50
|
||||||
|
|
||||||
|
# ':' separated list of directories under which chrooting is allowed for mail
|
||||||
|
# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too).
|
||||||
|
# This setting doesn't affect login_chroot, mail_chroot or auth chroot
|
||||||
|
# settings. If this setting is empty, "/./" in home dirs are ignored.
|
||||||
|
# WARNING: Never add directories here which local users can modify, that
|
||||||
|
# may lead to root exploit. Usually this should be done only if you don't
|
||||||
|
# allow shell access for users. <doc/wiki/Chrooting.txt>
|
||||||
|
#valid_chroot_dirs =
|
||||||
|
|
||||||
|
# Default chroot directory for mail processes. This can be overridden for
|
||||||
|
# specific users in user database by giving /./ in user's home directory
|
||||||
|
# (eg. /home/./user chroots into /home). Note that usually there is no real
|
||||||
|
# need to do chrooting, Dovecot doesn't allow users to access files outside
|
||||||
|
# their mail directory anyway. If your home directories are prefixed with
|
||||||
|
# the chroot directory, append "/." to mail_chroot. <doc/wiki/Chrooting.txt>
|
||||||
|
#mail_chroot =
|
||||||
|
|
||||||
|
# UNIX socket path to master authentication server to find users.
|
||||||
|
# This is used by imap (for shared users) and lda.
|
||||||
|
#auth_socket_path = /var/run/dovecot/auth-userdb
|
||||||
|
|
||||||
|
# Directory where to look up mail plugins.
|
||||||
|
#mail_plugin_dir = /usr/lib/dovecot
|
||||||
|
|
||||||
|
# Space separated list of plugins to load for all services. Plugins specific to
|
||||||
|
# IMAP, LDA, etc. are added to this list in their own .conf files.
|
||||||
|
mail_plugins = quota
|
||||||
|
|
||||||
|
##
|
||||||
|
## Mailbox handling optimizations
|
||||||
|
##
|
||||||
|
|
||||||
|
# Mailbox list indexes can be used to optimize IMAP STATUS commands. They are
|
||||||
|
# also required for IMAP NOTIFY extension to be enabled.
|
||||||
|
#mailbox_list_index = no
|
||||||
|
|
||||||
|
# Trust mailbox list index to be up-to-date. This reduces disk I/O at the cost
|
||||||
|
# of potentially returning out-of-date results after e.g. server crashes.
|
||||||
|
# The results will be automatically fixed once the folders are opened.
|
||||||
|
#mailbox_list_index_very_dirty_syncs = yes
|
||||||
|
|
||||||
|
# Should INBOX be kept up-to-date in the mailbox list index? By default it's
|
||||||
|
# not, because most of the mailbox accesses will open INBOX anyway.
|
||||||
|
#mailbox_list_index_include_inbox = no
|
||||||
|
|
||||||
|
# The minimum number of mails in a mailbox before updates are done to cache
|
||||||
|
# file. This allows optimizing Dovecot's behavior to do less disk writes at
|
||||||
|
# the cost of more disk reads.
|
||||||
|
#mail_cache_min_mail_count = 0
|
||||||
|
|
||||||
|
# When IDLE command is running, mailbox is checked once in a while to see if
|
||||||
|
# there are any new mails or other changes. This setting defines the minimum
|
||||||
|
# time to wait between those checks. Dovecot can also use inotify and
|
||||||
|
# kqueue to find out immediately when changes occur.
|
||||||
|
#mailbox_idle_check_interval = 30 secs
|
||||||
|
|
||||||
|
# Save mails with CR+LF instead of plain LF. This makes sending those mails
|
||||||
|
# take less CPU, especially with sendfile() syscall with Linux and FreeBSD.
|
||||||
|
# But it also creates a bit more disk I/O which may just make it slower.
|
||||||
|
# Also note that if other software reads the mboxes/maildirs, they may handle
|
||||||
|
# the extra CRs wrong and cause problems.
|
||||||
|
#mail_save_crlf = no
|
||||||
|
|
||||||
|
# Max number of mails to keep open and prefetch to memory. This only works with
|
||||||
|
# some mailbox formats and/or operating systems.
|
||||||
|
#mail_prefetch_count = 0
|
||||||
|
|
||||||
|
# How often to scan for stale temporary files and delete them (0 = never).
|
||||||
|
# These should exist only after Dovecot dies in the middle of saving mails.
|
||||||
|
#mail_temp_scan_interval = 1w
|
||||||
|
|
||||||
|
# How many slow mail accesses sorting can perform before it returns failure.
|
||||||
|
# With IMAP the reply is: NO [LIMIT] Requested sort would have taken too long.
|
||||||
|
# The untagged SORT reply is still returned, but it's likely not correct.
|
||||||
|
#mail_sort_max_read_count = 0
|
||||||
|
|
||||||
|
protocol !indexer-worker {
|
||||||
|
# If folder vsize calculation requires opening more than this many mails from
|
||||||
|
# disk (i.e. mail sizes aren't in cache already), return failure and finish
|
||||||
|
# the calculation via indexer process. Disabled by default. This setting must
|
||||||
|
# be 0 for indexer-worker processes.
|
||||||
|
#mail_vsize_bg_after_count = 0
|
||||||
|
}
|
||||||
|
|
||||||
|
##
|
||||||
|
## Maildir-specific settings
|
||||||
|
##
|
||||||
|
|
||||||
|
# By default LIST command returns all entries in maildir beginning with a dot.
|
||||||
|
# Enabling this option makes Dovecot return only entries which are directories.
|
||||||
|
# This is done by stat()ing each entry, so it causes more disk I/O.
|
||||||
|
# (For systems setting struct dirent->d_type, this check is free and it's
|
||||||
|
# done always regardless of this setting)
|
||||||
|
#maildir_stat_dirs = no
|
||||||
|
|
||||||
|
# When copying a message, do it with hard links whenever possible. This makes
|
||||||
|
# the performance much better, and it's unlikely to have any side effects.
|
||||||
|
#maildir_copy_with_hardlinks = yes
|
||||||
|
|
||||||
|
# Assume Dovecot is the only MUA accessing Maildir: Scan cur/ directory only
|
||||||
|
# when its mtime changes unexpectedly or when we can't find the mail otherwise.
|
||||||
|
#maildir_very_dirty_syncs = no
|
||||||
|
|
||||||
|
# If enabled, Dovecot doesn't use the S=<size> in the Maildir filenames for
|
||||||
|
# getting the mail's physical size, except when recalculating Maildir++ quota.
|
||||||
|
# This can be useful in systems where a lot of the Maildir filenames have a
|
||||||
|
# broken size. The performance hit for enabling this is very small.
|
||||||
|
#maildir_broken_filename_sizes = no
|
||||||
|
|
||||||
|
# Always move mails from new/ directory to cur/, even when the \Recent flags
|
||||||
|
# aren't being reset.
|
||||||
|
#maildir_empty_new = no
|
||||||
|
|
||||||
|
##
|
||||||
|
## mbox-specific settings
|
||||||
|
##
|
||||||
|
|
||||||
|
# Which locking methods to use for locking mbox. There are four available:
|
||||||
|
# dotlock: Create <mailbox>.lock file. This is the oldest and most NFS-safe
|
||||||
|
# solution. If you want to use /var/mail/ like directory, the users
|
||||||
|
# will need write access to that directory.
|
||||||
|
# dotlock_try: Same as dotlock, but if it fails because of permissions or
|
||||||
|
# because there isn't enough disk space, just skip it.
|
||||||
|
# fcntl : Use this if possible. Works with NFS too if lockd is used.
|
||||||
|
# flock : May not exist in all systems. Doesn't work with NFS.
|
||||||
|
# lockf : May not exist in all systems. Doesn't work with NFS.
|
||||||
|
#
|
||||||
|
# You can use multiple locking methods; if you do the order they're declared
|
||||||
|
# in is important to avoid deadlocks if other MTAs/MUAs are using multiple
|
||||||
|
# locking methods as well. Some operating systems don't allow using some of
|
||||||
|
# them simultaneously.
|
||||||
|
#mbox_read_locks = fcntl
|
||||||
|
#mbox_write_locks = dotlock fcntl
|
||||||
|
mbox_write_locks = fcntl
|
||||||
|
|
||||||
|
# Maximum time to wait for lock (all of them) before aborting.
|
||||||
|
#mbox_lock_timeout = 5 mins
|
||||||
|
|
||||||
|
# If dotlock exists but the mailbox isn't modified in any way, override the
|
||||||
|
# lock file after this much time.
|
||||||
|
#mbox_dotlock_change_timeout = 2 mins
|
||||||
|
|
||||||
|
# When mbox changes unexpectedly we have to fully read it to find out what
|
||||||
|
# changed. If the mbox is large this can take a long time. Since the change
|
||||||
|
# is usually just a newly appended mail, it'd be faster to simply read the
|
||||||
|
# new mails. If this setting is enabled, Dovecot does this but still safely
|
||||||
|
# fallbacks to re-reading the whole mbox file whenever something in mbox isn't
|
||||||
|
# how it's expected to be. The only real downside to this setting is that if
|
||||||
|
# some other MUA changes message flags, Dovecot doesn't notice it immediately.
|
||||||
|
# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK
|
||||||
|
# commands.
|
||||||
|
#mbox_dirty_syncs = yes
|
||||||
|
|
||||||
|
# Like mbox_dirty_syncs, but don't do full syncs even with SELECT, EXAMINE,
|
||||||
|
# EXPUNGE or CHECK commands. If this is set, mbox_dirty_syncs is ignored.
|
||||||
|
#mbox_very_dirty_syncs = no
|
||||||
|
|
||||||
|
# Delay writing mbox headers until doing a full write sync (EXPUNGE and CHECK
|
||||||
|
# commands and when closing the mailbox). This is especially useful for POP3
|
||||||
|
# where clients often delete all mails. The downside is that our changes
|
||||||
|
# aren't immediately visible to other MUAs.
|
||||||
|
#mbox_lazy_writes = yes
|
||||||
|
|
||||||
|
# If mbox size is smaller than this (e.g. 100k), don't write index files.
|
||||||
|
# If an index file already exists it's still read, just not updated.
|
||||||
|
#mbox_min_index_size = 0
|
||||||
|
|
||||||
|
# Mail header selection algorithm to use for MD5 POP3 UIDLs when
|
||||||
|
# pop3_uidl_format=%m. For backwards compatibility we use apop3d inspired
|
||||||
|
# algorithm, but it fails if the first Received: header isn't unique in all
|
||||||
|
# mails. An alternative algorithm is "all" that selects all headers.
|
||||||
|
#mbox_md5 = apop3d
|
||||||
|
|
||||||
|
##
|
||||||
|
## mdbox-specific settings
|
||||||
|
##
|
||||||
|
|
||||||
|
# Maximum dbox file size until it's rotated.
|
||||||
|
#mdbox_rotate_size = 2M
|
||||||
|
|
||||||
|
# Maximum dbox file age until it's rotated. Typically in days. Day begins
|
||||||
|
# from midnight, so 1d = today, 2d = yesterday, etc. 0 = check disabled.
|
||||||
|
#mdbox_rotate_interval = 0
|
||||||
|
|
||||||
|
# When creating new mdbox files, immediately preallocate their size to
|
||||||
|
# mdbox_rotate_size. This setting currently works only in Linux with some
|
||||||
|
# filesystems (ext4, xfs).
|
||||||
|
#mdbox_preallocate_space = no
|
||||||
|
|
||||||
|
##
|
||||||
|
## Mail attachments
|
||||||
|
##
|
||||||
|
|
||||||
|
# sdbox and mdbox support saving mail attachments to external files, which
|
||||||
|
# also allows single instance storage for them. Other backends don't support
|
||||||
|
# this for now.
|
||||||
|
|
||||||
|
# Directory root where to store mail attachments. Disabled, if empty.
|
||||||
|
#mail_attachment_dir =
|
||||||
|
|
||||||
|
# Attachments smaller than this aren't saved externally. It's also possible to
|
||||||
|
# write a plugin to disable saving specific attachments externally.
|
||||||
|
#mail_attachment_min_size = 128k
|
||||||
|
|
||||||
|
# Filesystem backend to use for saving attachments:
|
||||||
|
# posix : No SiS done by Dovecot (but this might help FS's own deduplication)
|
||||||
|
# sis posix : SiS with immediate byte-by-byte comparison during saving
|
||||||
|
# sis-queue posix : SiS with delayed comparison and deduplication
|
||||||
|
#mail_attachment_fs = sis posix
|
||||||
|
|
||||||
|
# Hash format to use in attachment filenames. You can add any text and
|
||||||
|
# variables: %{md4}, %{md5}, %{sha1}, %{sha256}, %{sha512}, %{size}.
|
||||||
|
# Variables can be truncated, e.g. %{sha256:80} returns only first 80 bits
|
||||||
|
#mail_attachment_hash = %{sha1}
|
||||||
|
|
||||||
|
# Settings to control adding $HasAttachment or $HasNoAttachment keywords.
|
||||||
|
# By default, all MIME parts with Content-Disposition=attachment, or inlines
|
||||||
|
# with filename parameter are consired attachments.
|
||||||
|
# add-flags-on-save - Add the keywords when saving new mails.
|
||||||
|
# content-type=type or !type - Include/exclude content type. Excluding will
|
||||||
|
# never consider the matched MIME part as attachment. Including will only
|
||||||
|
# negate an exclusion (e.g. content-type=!foo/* content-type=foo/bar).
|
||||||
|
# exclude-inlined - Exclude any Content-Disposition=inline MIME part.
|
||||||
|
#mail_attachment_detection_options =
|
412
dovecot/conf.d/10-mail.conf_original
Normal file
412
dovecot/conf.d/10-mail.conf_original
Normal file
|
@ -0,0 +1,412 @@
|
||||||
|
##
|
||||||
|
## Mailbox locations and namespaces
|
||||||
|
##
|
||||||
|
|
||||||
|
# Location for users' mailboxes. The default is empty, which means that Dovecot
|
||||||
|
# tries to find the mailboxes automatically. This won't work if the user
|
||||||
|
# doesn't yet have any mail, so you should explicitly tell Dovecot the full
|
||||||
|
# location.
|
||||||
|
#
|
||||||
|
# If you're using mbox, giving a path to the INBOX file (eg. /var/mail/%u)
|
||||||
|
# isn't enough. You'll also need to tell Dovecot where the other mailboxes are
|
||||||
|
# kept. This is called the "root mail directory", and it must be the first
|
||||||
|
# path given in the mail_location setting.
|
||||||
|
#
|
||||||
|
# There are a few special variables you can use, eg.:
|
||||||
|
#
|
||||||
|
# %u - username
|
||||||
|
# %n - user part in user@domain, same as %u if there's no domain
|
||||||
|
# %d - domain part in user@domain, empty if there's no domain
|
||||||
|
# %h - home directory
|
||||||
|
#
|
||||||
|
# See doc/wiki/Variables.txt for full list. Some examples:
|
||||||
|
#
|
||||||
|
# mail_location = maildir:~/Maildir
|
||||||
|
# mail_location = mbox:~/mail:INBOX=/var/mail/%u
|
||||||
|
# mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n
|
||||||
|
#
|
||||||
|
# <doc/wiki/MailLocation.txt>
|
||||||
|
#
|
||||||
|
#mail_location =
|
||||||
|
|
||||||
|
# If you need to set multiple mailbox locations or want to change default
|
||||||
|
# namespace settings, you can do it by defining namespace sections.
|
||||||
|
#
|
||||||
|
# You can have private, shared and public namespaces. Private namespaces
|
||||||
|
# are for user's personal mails. Shared namespaces are for accessing other
|
||||||
|
# users' mailboxes that have been shared. Public namespaces are for shared
|
||||||
|
# mailboxes that are managed by sysadmin. If you create any shared or public
|
||||||
|
# namespaces you'll typically want to enable ACL plugin also, otherwise all
|
||||||
|
# users can access all the shared mailboxes, assuming they have permissions
|
||||||
|
# on filesystem level to do so.
|
||||||
|
namespace inbox {
|
||||||
|
# Namespace type: private, shared or public
|
||||||
|
#type = private
|
||||||
|
|
||||||
|
# Hierarchy separator to use. You should use the same separator for all
|
||||||
|
# namespaces or some clients get confused. '/' is usually a good one.
|
||||||
|
# The default however depends on the underlying mail storage format.
|
||||||
|
#separator =
|
||||||
|
|
||||||
|
# Prefix required to access this namespace. This needs to be different for
|
||||||
|
# all namespaces. For example "Public/".
|
||||||
|
#prefix =
|
||||||
|
|
||||||
|
# Physical location of the mailbox. This is in same format as
|
||||||
|
# mail_location, which is also the default for it.
|
||||||
|
#location =
|
||||||
|
|
||||||
|
# There can be only one INBOX, and this setting defines which namespace
|
||||||
|
# has it.
|
||||||
|
inbox = yes
|
||||||
|
|
||||||
|
# If namespace is hidden, it's not advertised to clients via NAMESPACE
|
||||||
|
# extension. You'll most likely also want to set list=no. This is mostly
|
||||||
|
# useful when converting from another server with different namespaces which
|
||||||
|
# you want to deprecate but still keep working. For example you can create
|
||||||
|
# hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/".
|
||||||
|
#hidden = no
|
||||||
|
|
||||||
|
# Show the mailboxes under this namespace with LIST command. This makes the
|
||||||
|
# namespace visible for clients that don't support NAMESPACE extension.
|
||||||
|
# "children" value lists child mailboxes, but hides the namespace prefix.
|
||||||
|
#list = yes
|
||||||
|
|
||||||
|
# Namespace handles its own subscriptions. If set to "no", the parent
|
||||||
|
# namespace handles them (empty prefix should always have this as "yes")
|
||||||
|
#subscriptions = yes
|
||||||
|
|
||||||
|
# See 15-mailboxes.conf for definitions of special mailboxes.
|
||||||
|
}
|
||||||
|
|
||||||
|
# Example shared namespace configuration
|
||||||
|
#namespace {
|
||||||
|
#type = shared
|
||||||
|
#separator = /
|
||||||
|
|
||||||
|
# Mailboxes are visible under "shared/user@domain/"
|
||||||
|
# %%n, %%d and %%u are expanded to the destination user.
|
||||||
|
#prefix = shared/%%u/
|
||||||
|
|
||||||
|
# Mail location for other users' mailboxes. Note that %variables and ~/
|
||||||
|
# expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the
|
||||||
|
# destination user's data.
|
||||||
|
#location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
|
||||||
|
|
||||||
|
# Use the default namespace for saving subscriptions.
|
||||||
|
#subscriptions = no
|
||||||
|
|
||||||
|
# List the shared/ namespace only if there are visible shared mailboxes.
|
||||||
|
#list = children
|
||||||
|
#}
|
||||||
|
# Should shared INBOX be visible as "shared/user" or "shared/user/INBOX"?
|
||||||
|
#mail_shared_explicit_inbox = no
|
||||||
|
|
||||||
|
# System user and group used to access mails. If you use multiple, userdb
|
||||||
|
# can override these by returning uid or gid fields. You can use either numbers
|
||||||
|
# or names. <doc/wiki/UserIds.txt>
|
||||||
|
#mail_uid =
|
||||||
|
#mail_gid =
|
||||||
|
|
||||||
|
# Group to enable temporarily for privileged operations. Currently this is
|
||||||
|
# used only with INBOX when either its initial creation or dotlocking fails.
|
||||||
|
# Typically this is set to "mail" to give access to /var/mail.
|
||||||
|
#mail_privileged_group =
|
||||||
|
|
||||||
|
# Grant access to these supplementary groups for mail processes. Typically
|
||||||
|
# these are used to set up access to shared mailboxes. Note that it may be
|
||||||
|
# dangerous to set these if users can create symlinks (e.g. if "mail" group is
|
||||||
|
# set here, ln -s /var/mail ~/mail/var could allow a user to delete others'
|
||||||
|
# mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it).
|
||||||
|
#mail_access_groups =
|
||||||
|
|
||||||
|
# Allow full filesystem access to clients. There's no access checks other than
|
||||||
|
# what the operating system does for the active UID/GID. It works with both
|
||||||
|
# maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/
|
||||||
|
# or ~user/.
|
||||||
|
#mail_full_filesystem_access = no
|
||||||
|
|
||||||
|
# Dictionary for key=value mailbox attributes. This is used for example by
|
||||||
|
# URLAUTH and METADATA extensions.
|
||||||
|
#mail_attribute_dict =
|
||||||
|
|
||||||
|
# A comment or note that is associated with the server. This value is
|
||||||
|
# accessible for authenticated users through the IMAP METADATA server
|
||||||
|
# entry "/shared/comment".
|
||||||
|
#mail_server_comment = ""
|
||||||
|
|
||||||
|
# Indicates a method for contacting the server administrator. According to
|
||||||
|
# RFC 5464, this value MUST be a URI (e.g., a mailto: or tel: URL), but that
|
||||||
|
# is currently not enforced. Use for example mailto:admin@example.com. This
|
||||||
|
# value is accessible for authenticated users through the IMAP METADATA server
|
||||||
|
# entry "/shared/admin".
|
||||||
|
#mail_server_admin =
|
||||||
|
|
||||||
|
##
|
||||||
|
## Mail processes
|
||||||
|
##
|
||||||
|
|
||||||
|
# Don't use mmap() at all. This is required if you store indexes to shared
|
||||||
|
# filesystems (NFS or clustered filesystem).
|
||||||
|
#mmap_disable = no
|
||||||
|
|
||||||
|
# Rely on O_EXCL to work when creating dotlock files. NFS supports O_EXCL
|
||||||
|
# since version 3, so this should be safe to use nowadays by default.
|
||||||
|
#dotlock_use_excl = yes
|
||||||
|
|
||||||
|
# When to use fsync() or fdatasync() calls:
|
||||||
|
# optimized (default): Whenever necessary to avoid losing important data
|
||||||
|
# always: Useful with e.g. NFS when write()s are delayed
|
||||||
|
# never: Never use it (best performance, but crashes can lose data)
|
||||||
|
#mail_fsync = optimized
|
||||||
|
|
||||||
|
# Locking method for index files. Alternatives are fcntl, flock and dotlock.
|
||||||
|
# Dotlocking uses some tricks which may create more disk I/O than other locking
|
||||||
|
# methods. NFS users: flock doesn't work, remember to change mmap_disable.
|
||||||
|
#lock_method = fcntl
|
||||||
|
|
||||||
|
# Directory in which LDA/LMTP temporarily stores incoming mails >128 kB.
|
||||||
|
#mail_temp_dir = /tmp
|
||||||
|
|
||||||
|
# Valid UID range for users, defaults to 500 and above. This is mostly
|
||||||
|
# to make sure that users can't log in as daemons or other system users.
|
||||||
|
# Note that denying root logins is hardcoded to dovecot binary and can't
|
||||||
|
# be done even if first_valid_uid is set to 0.
|
||||||
|
first_valid_uid = 1000
|
||||||
|
#last_valid_uid = 0
|
||||||
|
|
||||||
|
# Valid GID range for users, defaults to non-root/wheel. Users having
|
||||||
|
# non-valid GID as primary group ID aren't allowed to log in. If user
|
||||||
|
# belongs to supplementary groups with non-valid GIDs, those groups are
|
||||||
|
# not set.
|
||||||
|
#first_valid_gid = 1
|
||||||
|
#last_valid_gid = 0
|
||||||
|
|
||||||
|
# Maximum allowed length for mail keyword name. It's only forced when trying
|
||||||
|
# to create new keywords.
|
||||||
|
#mail_max_keyword_length = 50
|
||||||
|
|
||||||
|
# ':' separated list of directories under which chrooting is allowed for mail
|
||||||
|
# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too).
|
||||||
|
# This setting doesn't affect login_chroot, mail_chroot or auth chroot
|
||||||
|
# settings. If this setting is empty, "/./" in home dirs are ignored.
|
||||||
|
# WARNING: Never add directories here which local users can modify, that
|
||||||
|
# may lead to root exploit. Usually this should be done only if you don't
|
||||||
|
# allow shell access for users. <doc/wiki/Chrooting.txt>
|
||||||
|
#valid_chroot_dirs =
|
||||||
|
|
||||||
|
# Default chroot directory for mail processes. This can be overridden for
|
||||||
|
# specific users in user database by giving /./ in user's home directory
|
||||||
|
# (eg. /home/./user chroots into /home). Note that usually there is no real
|
||||||
|
# need to do chrooting, Dovecot doesn't allow users to access files outside
|
||||||
|
# their mail directory anyway. If your home directories are prefixed with
|
||||||
|
# the chroot directory, append "/." to mail_chroot. <doc/wiki/Chrooting.txt>
|
||||||
|
#mail_chroot =
|
||||||
|
|
||||||
|
# UNIX socket path to master authentication server to find users.
|
||||||
|
# This is used by imap (for shared users) and lda.
|
||||||
|
#auth_socket_path = /var/run/dovecot/auth-userdb
|
||||||
|
|
||||||
|
# Directory where to look up mail plugins.
|
||||||
|
#mail_plugin_dir = /usr/lib/dovecot
|
||||||
|
|
||||||
|
# Space separated list of plugins to load for all services. Plugins specific to
|
||||||
|
# IMAP, LDA, etc. are added to this list in their own .conf files.
|
||||||
|
#mail_plugins =
|
||||||
|
|
||||||
|
##
|
||||||
|
## Mailbox handling optimizations
|
||||||
|
##
|
||||||
|
|
||||||
|
# Mailbox list indexes can be used to optimize IMAP STATUS commands. They are
|
||||||
|
# also required for IMAP NOTIFY extension to be enabled.
|
||||||
|
#mailbox_list_index = no
|
||||||
|
|
||||||
|
# Trust mailbox list index to be up-to-date. This reduces disk I/O at the cost
|
||||||
|
# of potentially returning out-of-date results after e.g. server crashes.
|
||||||
|
# The results will be automatically fixed once the folders are opened.
|
||||||
|
#mailbox_list_index_very_dirty_syncs = yes
|
||||||
|
|
||||||
|
# Should INBOX be kept up-to-date in the mailbox list index? By default it's
|
||||||
|
# not, because most of the mailbox accesses will open INBOX anyway.
|
||||||
|
#mailbox_list_index_include_inbox = no
|
||||||
|
|
||||||
|
# The minimum number of mails in a mailbox before updates are done to cache
|
||||||
|
# file. This allows optimizing Dovecot's behavior to do less disk writes at
|
||||||
|
# the cost of more disk reads.
|
||||||
|
#mail_cache_min_mail_count = 0
|
||||||
|
|
||||||
|
# When IDLE command is running, mailbox is checked once in a while to see if
|
||||||
|
# there are any new mails or other changes. This setting defines the minimum
|
||||||
|
# time to wait between those checks. Dovecot can also use inotify and
|
||||||
|
# kqueue to find out immediately when changes occur.
|
||||||
|
#mailbox_idle_check_interval = 30 secs
|
||||||
|
|
||||||
|
# Save mails with CR+LF instead of plain LF. This makes sending those mails
|
||||||
|
# take less CPU, especially with sendfile() syscall with Linux and FreeBSD.
|
||||||
|
# But it also creates a bit more disk I/O which may just make it slower.
|
||||||
|
# Also note that if other software reads the mboxes/maildirs, they may handle
|
||||||
|
# the extra CRs wrong and cause problems.
|
||||||
|
#mail_save_crlf = no
|
||||||
|
|
||||||
|
# Max number of mails to keep open and prefetch to memory. This only works with
|
||||||
|
# some mailbox formats and/or operating systems.
|
||||||
|
#mail_prefetch_count = 0
|
||||||
|
|
||||||
|
# How often to scan for stale temporary files and delete them (0 = never).
|
||||||
|
# These should exist only after Dovecot dies in the middle of saving mails.
|
||||||
|
#mail_temp_scan_interval = 1w
|
||||||
|
|
||||||
|
# How many slow mail accesses sorting can perform before it returns failure.
|
||||||
|
# With IMAP the reply is: NO [LIMIT] Requested sort would have taken too long.
|
||||||
|
# The untagged SORT reply is still returned, but it's likely not correct.
|
||||||
|
#mail_sort_max_read_count = 0
|
||||||
|
|
||||||
|
protocol !indexer-worker {
|
||||||
|
# If folder vsize calculation requires opening more than this many mails from
|
||||||
|
# disk (i.e. mail sizes aren't in cache already), return failure and finish
|
||||||
|
# the calculation via indexer process. Disabled by default. This setting must
|
||||||
|
# be 0 for indexer-worker processes.
|
||||||
|
#mail_vsize_bg_after_count = 0
|
||||||
|
}
|
||||||
|
|
||||||
|
##
|
||||||
|
## Maildir-specific settings
|
||||||
|
##
|
||||||
|
|
||||||
|
# By default LIST command returns all entries in maildir beginning with a dot.
|
||||||
|
# Enabling this option makes Dovecot return only entries which are directories.
|
||||||
|
# This is done by stat()ing each entry, so it causes more disk I/O.
|
||||||
|
# (For systems setting struct dirent->d_type, this check is free and it's
|
||||||
|
# done always regardless of this setting)
|
||||||
|
#maildir_stat_dirs = no
|
||||||
|
|
||||||
|
# When copying a message, do it with hard links whenever possible. This makes
|
||||||
|
# the performance much better, and it's unlikely to have any side effects.
|
||||||
|
#maildir_copy_with_hardlinks = yes
|
||||||
|
|
||||||
|
# Assume Dovecot is the only MUA accessing Maildir: Scan cur/ directory only
|
||||||
|
# when its mtime changes unexpectedly or when we can't find the mail otherwise.
|
||||||
|
#maildir_very_dirty_syncs = no
|
||||||
|
|
||||||
|
# If enabled, Dovecot doesn't use the S=<size> in the Maildir filenames for
|
||||||
|
# getting the mail's physical size, except when recalculating Maildir++ quota.
|
||||||
|
# This can be useful in systems where a lot of the Maildir filenames have a
|
||||||
|
# broken size. The performance hit for enabling this is very small.
|
||||||
|
#maildir_broken_filename_sizes = no
|
||||||
|
|
||||||
|
# Always move mails from new/ directory to cur/, even when the \Recent flags
|
||||||
|
# aren't being reset.
|
||||||
|
#maildir_empty_new = no
|
||||||
|
|
||||||
|
##
|
||||||
|
## mbox-specific settings
|
||||||
|
##
|
||||||
|
|
||||||
|
# Which locking methods to use for locking mbox. There are four available:
|
||||||
|
# dotlock: Create <mailbox>.lock file. This is the oldest and most NFS-safe
|
||||||
|
# solution. If you want to use /var/mail/ like directory, the users
|
||||||
|
# will need write access to that directory.
|
||||||
|
# dotlock_try: Same as dotlock, but if it fails because of permissions or
|
||||||
|
# because there isn't enough disk space, just skip it.
|
||||||
|
# fcntl : Use this if possible. Works with NFS too if lockd is used.
|
||||||
|
# flock : May not exist in all systems. Doesn't work with NFS.
|
||||||
|
# lockf : May not exist in all systems. Doesn't work with NFS.
|
||||||
|
#
|
||||||
|
# You can use multiple locking methods; if you do the order they're declared
|
||||||
|
# in is important to avoid deadlocks if other MTAs/MUAs are using multiple
|
||||||
|
# locking methods as well. Some operating systems don't allow using some of
|
||||||
|
# them simultaneously.
|
||||||
|
#mbox_read_locks = fcntl
|
||||||
|
#mbox_write_locks = dotlock fcntl
|
||||||
|
mbox_write_locks = fcntl
|
||||||
|
|
||||||
|
# Maximum time to wait for lock (all of them) before aborting.
|
||||||
|
#mbox_lock_timeout = 5 mins
|
||||||
|
|
||||||
|
# If dotlock exists but the mailbox isn't modified in any way, override the
|
||||||
|
# lock file after this much time.
|
||||||
|
#mbox_dotlock_change_timeout = 2 mins
|
||||||
|
|
||||||
|
# When mbox changes unexpectedly we have to fully read it to find out what
|
||||||
|
# changed. If the mbox is large this can take a long time. Since the change
|
||||||
|
# is usually just a newly appended mail, it'd be faster to simply read the
|
||||||
|
# new mails. If this setting is enabled, Dovecot does this but still safely
|
||||||
|
# fallbacks to re-reading the whole mbox file whenever something in mbox isn't
|
||||||
|
# how it's expected to be. The only real downside to this setting is that if
|
||||||
|
# some other MUA changes message flags, Dovecot doesn't notice it immediately.
|
||||||
|
# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK
|
||||||
|
# commands.
|
||||||
|
#mbox_dirty_syncs = yes
|
||||||
|
|
||||||
|
# Like mbox_dirty_syncs, but don't do full syncs even with SELECT, EXAMINE,
|
||||||
|
# EXPUNGE or CHECK commands. If this is set, mbox_dirty_syncs is ignored.
|
||||||
|
#mbox_very_dirty_syncs = no
|
||||||
|
|
||||||
|
# Delay writing mbox headers until doing a full write sync (EXPUNGE and CHECK
|
||||||
|
# commands and when closing the mailbox). This is especially useful for POP3
|
||||||
|
# where clients often delete all mails. The downside is that our changes
|
||||||
|
# aren't immediately visible to other MUAs.
|
||||||
|
#mbox_lazy_writes = yes
|
||||||
|
|
||||||
|
# If mbox size is smaller than this (e.g. 100k), don't write index files.
|
||||||
|
# If an index file already exists it's still read, just not updated.
|
||||||
|
#mbox_min_index_size = 0
|
||||||
|
|
||||||
|
# Mail header selection algorithm to use for MD5 POP3 UIDLs when
|
||||||
|
# pop3_uidl_format=%m. For backwards compatibility we use apop3d inspired
|
||||||
|
# algorithm, but it fails if the first Received: header isn't unique in all
|
||||||
|
# mails. An alternative algorithm is "all" that selects all headers.
|
||||||
|
#mbox_md5 = apop3d
|
||||||
|
|
||||||
|
##
|
||||||
|
## mdbox-specific settings
|
||||||
|
##
|
||||||
|
|
||||||
|
# Maximum dbox file size until it's rotated.
|
||||||
|
#mdbox_rotate_size = 2M
|
||||||
|
|
||||||
|
# Maximum dbox file age until it's rotated. Typically in days. Day begins
|
||||||
|
# from midnight, so 1d = today, 2d = yesterday, etc. 0 = check disabled.
|
||||||
|
#mdbox_rotate_interval = 0
|
||||||
|
|
||||||
|
# When creating new mdbox files, immediately preallocate their size to
|
||||||
|
# mdbox_rotate_size. This setting currently works only in Linux with some
|
||||||
|
# filesystems (ext4, xfs).
|
||||||
|
#mdbox_preallocate_space = no
|
||||||
|
|
||||||
|
##
|
||||||
|
## Mail attachments
|
||||||
|
##
|
||||||
|
|
||||||
|
# sdbox and mdbox support saving mail attachments to external files, which
|
||||||
|
# also allows single instance storage for them. Other backends don't support
|
||||||
|
# this for now.
|
||||||
|
|
||||||
|
# Directory root where to store mail attachments. Disabled, if empty.
|
||||||
|
#mail_attachment_dir =
|
||||||
|
|
||||||
|
# Attachments smaller than this aren't saved externally. It's also possible to
|
||||||
|
# write a plugin to disable saving specific attachments externally.
|
||||||
|
#mail_attachment_min_size = 128k
|
||||||
|
|
||||||
|
# Filesystem backend to use for saving attachments:
|
||||||
|
# posix : No SiS done by Dovecot (but this might help FS's own deduplication)
|
||||||
|
# sis posix : SiS with immediate byte-by-byte comparison during saving
|
||||||
|
# sis-queue posix : SiS with delayed comparison and deduplication
|
||||||
|
#mail_attachment_fs = sis posix
|
||||||
|
|
||||||
|
# Hash format to use in attachment filenames. You can add any text and
|
||||||
|
# variables: %{md4}, %{md5}, %{sha1}, %{sha256}, %{sha512}, %{size}.
|
||||||
|
# Variables can be truncated, e.g. %{sha256:80} returns only first 80 bits
|
||||||
|
#mail_attachment_hash = %{sha1}
|
||||||
|
|
||||||
|
# Settings to control adding $HasAttachment or $HasNoAttachment keywords.
|
||||||
|
# By default, all MIME parts with Content-Disposition=attachment, or inlines
|
||||||
|
# with filename parameter are consired attachments.
|
||||||
|
# add-flags-on-save - Add the keywords when saving new mails.
|
||||||
|
# content-type=type or !type - Include/exclude content type. Excluding will
|
||||||
|
# never consider the matched MIME part as attachment. Including will only
|
||||||
|
# negate an exclusion (e.g. content-type=!foo/* content-type=foo/bar).
|
||||||
|
# exclude-inlined - Exclude any Content-Disposition=inline MIME part.
|
||||||
|
#mail_attachment_detection_options =
|
123
dovecot/conf.d/10-master.conf
Normal file
123
dovecot/conf.d/10-master.conf
Normal file
|
@ -0,0 +1,123 @@
|
||||||
|
#default_process_limit = 100
|
||||||
|
#default_client_limit = 1000
|
||||||
|
|
||||||
|
# Default VSZ (virtual memory size) limit for service processes. This is mainly
|
||||||
|
# intended to catch and kill processes that leak memory before they eat up
|
||||||
|
# everything.
|
||||||
|
#default_vsz_limit = 256M
|
||||||
|
|
||||||
|
# Login user is internally used by login processes. This is the most untrusted
|
||||||
|
# user in Dovecot system. It shouldn't have access to anything at all.
|
||||||
|
#default_login_user = dovenull
|
||||||
|
|
||||||
|
# Internal user is used by unprivileged processes. It should be separate from
|
||||||
|
# login user, so that login processes can't disturb other processes.
|
||||||
|
#default_internal_user = dovecot
|
||||||
|
|
||||||
|
service imap-login {
|
||||||
|
inet_listener imap {
|
||||||
|
port = 143
|
||||||
|
}
|
||||||
|
inet_listener imaps {
|
||||||
|
port = 993
|
||||||
|
ssl = yes
|
||||||
|
}
|
||||||
|
|
||||||
|
# Number of connections to handle before starting a new process. Typically
|
||||||
|
# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
|
||||||
|
# is faster. <doc/wiki/LoginProcess.txt>
|
||||||
|
#service_count = 1
|
||||||
|
|
||||||
|
# Number of processes to always keep waiting for more connections.
|
||||||
|
#process_min_avail = 0
|
||||||
|
|
||||||
|
# If you set service_count=0, you probably need to grow this.
|
||||||
|
#vsz_limit = $default_vsz_limit
|
||||||
|
}
|
||||||
|
|
||||||
|
service pop3-login {
|
||||||
|
inet_listener pop3 {
|
||||||
|
port = 110
|
||||||
|
}
|
||||||
|
inet_listener pop3s {
|
||||||
|
port = 995
|
||||||
|
ssl = yes
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
service lmtp {
|
||||||
|
unix_listener /var/spool/postfix/private/dovecot-lmtp {
|
||||||
|
mode = 0600
|
||||||
|
user = postfix
|
||||||
|
group = postfix
|
||||||
|
}
|
||||||
|
|
||||||
|
# Create inet listener only if you can't use the above UNIX socket
|
||||||
|
#inet_listener lmtp {
|
||||||
|
# Avoid making LMTP visible for the entire internet
|
||||||
|
#address =
|
||||||
|
#port =
|
||||||
|
#}
|
||||||
|
}
|
||||||
|
|
||||||
|
service imap {
|
||||||
|
# Most of the memory goes to mmap()ing files. You may need to increase this
|
||||||
|
# limit if you have huge mailboxes.
|
||||||
|
#vsz_limit = $default_vsz_limit
|
||||||
|
|
||||||
|
# Max. number of IMAP processes (connections)
|
||||||
|
#process_limit = 1024
|
||||||
|
}
|
||||||
|
|
||||||
|
service pop3 {
|
||||||
|
# Max. number of POP3 processes (connections)
|
||||||
|
#process_limit = 1024
|
||||||
|
}
|
||||||
|
|
||||||
|
service auth {
|
||||||
|
# auth_socket_path points to this userdb socket by default. It's typically
|
||||||
|
# used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
|
||||||
|
# full permissions to this socket are able to get a list of all usernames and
|
||||||
|
# get the results of everyone's userdb lookups.
|
||||||
|
#
|
||||||
|
# The default 0666 mode allows anyone to connect to the socket, but the
|
||||||
|
# userdb lookups will succeed only if the userdb returns an "uid" field that
|
||||||
|
# matches the caller process's UID. Also if caller's uid or gid matches the
|
||||||
|
# socket's uid or gid the lookup succeeds. Anything else causes a failure.
|
||||||
|
#
|
||||||
|
# To give the caller full permissions to lookup all users, set the mode to
|
||||||
|
# something else than 0666 and Dovecot lets the kernel enforce the
|
||||||
|
# permissions (e.g. 0777 allows everyone full permissions).
|
||||||
|
#unix_listener auth-userdb {
|
||||||
|
#mode = 0600
|
||||||
|
#user = vmail
|
||||||
|
#group =
|
||||||
|
#}
|
||||||
|
|
||||||
|
# Postfix smtp-auth
|
||||||
|
unix_listener /var/spool/postfix/private/auth {
|
||||||
|
mode = 0660
|
||||||
|
user = postfix
|
||||||
|
group = postfix
|
||||||
|
}
|
||||||
|
|
||||||
|
# Auth process is run as this user.
|
||||||
|
#user = dovecot
|
||||||
|
}
|
||||||
|
|
||||||
|
service auth-worker {
|
||||||
|
# Auth worker process is run as root by default, so that it can access
|
||||||
|
# /etc/shadow. If this isn't necessary, the user should be changed to
|
||||||
|
# $default_internal_user.
|
||||||
|
#user = root
|
||||||
|
}
|
||||||
|
|
||||||
|
service dict {
|
||||||
|
# If dict proxy is used, mail processes should have access to its socket.
|
||||||
|
# For example: mode=0660, group=vmail and global mail_access_groups=vmail
|
||||||
|
unix_listener dict {
|
||||||
|
mode = 0660
|
||||||
|
user = vmail
|
||||||
|
group = mail
|
||||||
|
}
|
||||||
|
}
|
119
dovecot/conf.d/10-master.conf_original
Normal file
119
dovecot/conf.d/10-master.conf_original
Normal file
|
@ -0,0 +1,119 @@
|
||||||
|
#default_process_limit = 100
|
||||||
|
#default_client_limit = 1000
|
||||||
|
|
||||||
|
# Default VSZ (virtual memory size) limit for service processes. This is mainly
|
||||||
|
# intended to catch and kill processes that leak memory before they eat up
|
||||||
|
# everything.
|
||||||
|
#default_vsz_limit = 256M
|
||||||
|
|
||||||
|
# Login user is internally used by login processes. This is the most untrusted
|
||||||
|
# user in Dovecot system. It shouldn't have access to anything at all.
|
||||||
|
#default_login_user = dovenull
|
||||||
|
|
||||||
|
# Internal user is used by unprivileged processes. It should be separate from
|
||||||
|
# login user, so that login processes can't disturb other processes.
|
||||||
|
#default_internal_user = dovecot
|
||||||
|
|
||||||
|
service imap-login {
|
||||||
|
inet_listener imap {
|
||||||
|
#port = 143
|
||||||
|
}
|
||||||
|
inet_listener imaps {
|
||||||
|
#port = 993
|
||||||
|
#ssl = yes
|
||||||
|
}
|
||||||
|
|
||||||
|
# Number of connections to handle before starting a new process. Typically
|
||||||
|
# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
|
||||||
|
# is faster. <doc/wiki/LoginProcess.txt>
|
||||||
|
#service_count = 1
|
||||||
|
|
||||||
|
# Number of processes to always keep waiting for more connections.
|
||||||
|
#process_min_avail = 0
|
||||||
|
|
||||||
|
# If you set service_count=0, you probably need to grow this.
|
||||||
|
#vsz_limit = $default_vsz_limit
|
||||||
|
}
|
||||||
|
|
||||||
|
service pop3-login {
|
||||||
|
inet_listener pop3 {
|
||||||
|
#port = 110
|
||||||
|
}
|
||||||
|
inet_listener pop3s {
|
||||||
|
#port = 995
|
||||||
|
#ssl = yes
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
service lmtp {
|
||||||
|
unix_listener lmtp {
|
||||||
|
#mode = 0666
|
||||||
|
}
|
||||||
|
|
||||||
|
# Create inet listener only if you can't use the above UNIX socket
|
||||||
|
#inet_listener lmtp {
|
||||||
|
# Avoid making LMTP visible for the entire internet
|
||||||
|
#address =
|
||||||
|
#port =
|
||||||
|
#}
|
||||||
|
}
|
||||||
|
|
||||||
|
service imap {
|
||||||
|
# Most of the memory goes to mmap()ing files. You may need to increase this
|
||||||
|
# limit if you have huge mailboxes.
|
||||||
|
#vsz_limit = $default_vsz_limit
|
||||||
|
|
||||||
|
# Max. number of IMAP processes (connections)
|
||||||
|
#process_limit = 1024
|
||||||
|
}
|
||||||
|
|
||||||
|
service pop3 {
|
||||||
|
# Max. number of POP3 processes (connections)
|
||||||
|
#process_limit = 1024
|
||||||
|
}
|
||||||
|
|
||||||
|
service auth {
|
||||||
|
# auth_socket_path points to this userdb socket by default. It's typically
|
||||||
|
# used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
|
||||||
|
# full permissions to this socket are able to get a list of all usernames and
|
||||||
|
# get the results of everyone's userdb lookups.
|
||||||
|
#
|
||||||
|
# The default 0666 mode allows anyone to connect to the socket, but the
|
||||||
|
# userdb lookups will succeed only if the userdb returns an "uid" field that
|
||||||
|
# matches the caller process's UID. Also if caller's uid or gid matches the
|
||||||
|
# socket's uid or gid the lookup succeeds. Anything else causes a failure.
|
||||||
|
#
|
||||||
|
# To give the caller full permissions to lookup all users, set the mode to
|
||||||
|
# something else than 0666 and Dovecot lets the kernel enforce the
|
||||||
|
# permissions (e.g. 0777 allows everyone full permissions).
|
||||||
|
unix_listener auth-userdb {
|
||||||
|
#mode = 0666
|
||||||
|
#user =
|
||||||
|
#group =
|
||||||
|
}
|
||||||
|
|
||||||
|
# Postfix smtp-auth
|
||||||
|
#unix_listener /var/spool/postfix/private/auth {
|
||||||
|
# mode = 0666
|
||||||
|
#}
|
||||||
|
|
||||||
|
# Auth process is run as this user.
|
||||||
|
#user = $default_internal_user
|
||||||
|
}
|
||||||
|
|
||||||
|
service auth-worker {
|
||||||
|
# Auth worker process is run as root by default, so that it can access
|
||||||
|
# /etc/shadow. If this isn't necessary, the user should be changed to
|
||||||
|
# $default_internal_user.
|
||||||
|
#user = root
|
||||||
|
}
|
||||||
|
|
||||||
|
service dict {
|
||||||
|
# If dict proxy is used, mail processes should have access to its socket.
|
||||||
|
# For example: mode=0660, group=vmail and global mail_access_groups=vmail
|
||||||
|
unix_listener dict {
|
||||||
|
#mode = 0600
|
||||||
|
#user =
|
||||||
|
#group =
|
||||||
|
}
|
||||||
|
}
|
65
dovecot/conf.d/10-ssl.conf
Normal file
65
dovecot/conf.d/10-ssl.conf
Normal file
|
@ -0,0 +1,65 @@
|
||||||
|
##
|
||||||
|
## SSL settings
|
||||||
|
##
|
||||||
|
|
||||||
|
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
|
||||||
|
# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
|
||||||
|
# plain imap and pop3 are still allowed for local connections
|
||||||
|
ssl = yes
|
||||||
|
|
||||||
|
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
|
||||||
|
# dropping root privileges, so keep the key file unreadable by anyone but
|
||||||
|
# root. Included doc/mkcert.sh can be used to easily generate self-signed
|
||||||
|
# certificate, just make sure to update the domains in dovecot-openssl.cnf
|
||||||
|
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
|
||||||
|
ssl_key = </etc/pki/dovecot/private/dovecot.pem
|
||||||
|
|
||||||
|
# If key file is password protected, give the password here. Alternatively
|
||||||
|
# give it when starting dovecot with -p parameter. Since this file is often
|
||||||
|
# world-readable, you may want to place this setting instead to a different
|
||||||
|
# root owned 0600 file by using ssl_key_password = <path.
|
||||||
|
#ssl_key_password =
|
||||||
|
|
||||||
|
# PEM encoded trusted certificate authority. Set this only if you intend to use
|
||||||
|
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
|
||||||
|
# followed by the matching CRL(s). (e.g. ssl_ca = </etc/pki/dovecot/certs/ca.pem)
|
||||||
|
#ssl_ca =
|
||||||
|
|
||||||
|
# Require that CRL check succeeds for peer certificates.
|
||||||
|
#ssl_require_crl = yes
|
||||||
|
|
||||||
|
# Directory and/or file for trusted SSL CA certificates. These are used only
|
||||||
|
# when Dovecot needs to act as an SSL client (e.g. imapc backend). The
|
||||||
|
# directory is usually /etc/pki/dovecot/certs in Debian-based systems and the file is
|
||||||
|
# /etc/pki/tls/cert.pem in RedHat-based systems.
|
||||||
|
#ssl_client_ca_dir =
|
||||||
|
#ssl_client_ca_file =
|
||||||
|
|
||||||
|
# Request client to send a certificate. If you also want to require it, set
|
||||||
|
# auth_ssl_require_client_cert=yes in auth section.
|
||||||
|
#ssl_verify_client_cert = no
|
||||||
|
|
||||||
|
# Which field from certificate to use for username. commonName and
|
||||||
|
# x500UniqueIdentifier are the usual choices. You'll also need to set
|
||||||
|
# auth_ssl_username_from_cert=yes.
|
||||||
|
#ssl_cert_username_field = commonName
|
||||||
|
|
||||||
|
# DH parameters length to use.
|
||||||
|
#ssl_dh_parameters_length = 1024
|
||||||
|
|
||||||
|
# SSL protocols to use
|
||||||
|
ssl_protocols = TLSv1.2 TLSv1.1 TLSv1 TLSv1 !SSLv3 !SSLv2
|
||||||
|
|
||||||
|
# SSL ciphers to use
|
||||||
|
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
|
||||||
|
|
||||||
|
# Prefer the server's order of ciphers over client's.
|
||||||
|
#ssl_prefer_server_ciphers = no
|
||||||
|
|
||||||
|
# SSL crypto device to use, for valid values run "openssl engine"
|
||||||
|
#ssl_crypto_device =
|
||||||
|
|
||||||
|
# SSL extra options. Currently supported options are:
|
||||||
|
# no_compression - Disable compression.
|
||||||
|
# no_ticket - Disable SSL session tickets.
|
||||||
|
#ssl_options =
|
65
dovecot/conf.d/10-ssl.conf_original
Normal file
65
dovecot/conf.d/10-ssl.conf_original
Normal file
|
@ -0,0 +1,65 @@
|
||||||
|
##
|
||||||
|
## SSL settings
|
||||||
|
##
|
||||||
|
|
||||||
|
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
|
||||||
|
# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
|
||||||
|
# plain imap and pop3 are still allowed for local connections
|
||||||
|
ssl = required
|
||||||
|
|
||||||
|
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
|
||||||
|
# dropping root privileges, so keep the key file unreadable by anyone but
|
||||||
|
# root. Included doc/mkcert.sh can be used to easily generate self-signed
|
||||||
|
# certificate, just make sure to update the domains in dovecot-openssl.cnf
|
||||||
|
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
|
||||||
|
ssl_key = </etc/pki/dovecot/private/dovecot.pem
|
||||||
|
|
||||||
|
# If key file is password protected, give the password here. Alternatively
|
||||||
|
# give it when starting dovecot with -p parameter. Since this file is often
|
||||||
|
# world-readable, you may want to place this setting instead to a different
|
||||||
|
# root owned 0600 file by using ssl_key_password = <path.
|
||||||
|
#ssl_key_password =
|
||||||
|
|
||||||
|
# PEM encoded trusted certificate authority. Set this only if you intend to use
|
||||||
|
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
|
||||||
|
# followed by the matching CRL(s). (e.g. ssl_ca = </etc/pki/dovecot/certs/ca.pem)
|
||||||
|
#ssl_ca =
|
||||||
|
|
||||||
|
# Require that CRL check succeeds for peer certificates.
|
||||||
|
#ssl_require_crl = yes
|
||||||
|
|
||||||
|
# Directory and/or file for trusted SSL CA certificates. These are used only
|
||||||
|
# when Dovecot needs to act as an SSL client (e.g. imapc backend). The
|
||||||
|
# directory is usually /etc/pki/dovecot/certs in Debian-based systems and the file is
|
||||||
|
# /etc/pki/tls/cert.pem in RedHat-based systems.
|
||||||
|
#ssl_client_ca_dir =
|
||||||
|
#ssl_client_ca_file =
|
||||||
|
|
||||||
|
# Request client to send a certificate. If you also want to require it, set
|
||||||
|
# auth_ssl_require_client_cert=yes in auth section.
|
||||||
|
#ssl_verify_client_cert = no
|
||||||
|
|
||||||
|
# Which field from certificate to use for username. commonName and
|
||||||
|
# x500UniqueIdentifier are the usual choices. You'll also need to set
|
||||||
|
# auth_ssl_username_from_cert=yes.
|
||||||
|
#ssl_cert_username_field = commonName
|
||||||
|
|
||||||
|
# DH parameters length to use.
|
||||||
|
#ssl_dh_parameters_length = 1024
|
||||||
|
|
||||||
|
# SSL protocols to use
|
||||||
|
#ssl_protocols = !SSLv3
|
||||||
|
|
||||||
|
# SSL ciphers to use
|
||||||
|
#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
|
||||||
|
|
||||||
|
# Prefer the server's order of ciphers over client's.
|
||||||
|
#ssl_prefer_server_ciphers = no
|
||||||
|
|
||||||
|
# SSL crypto device to use, for valid values run "openssl engine"
|
||||||
|
#ssl_crypto_device =
|
||||||
|
|
||||||
|
# SSL extra options. Currently supported options are:
|
||||||
|
# no_compression - Disable compression.
|
||||||
|
# no_ticket - Disable SSL session tickets.
|
||||||
|
#ssl_options =
|
48
dovecot/conf.d/15-lda.conf
Normal file
48
dovecot/conf.d/15-lda.conf
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
##
|
||||||
|
## LDA specific settings (also used by LMTP)
|
||||||
|
##
|
||||||
|
|
||||||
|
# Address to use when sending rejection mails.
|
||||||
|
# Default is postmaster@<your domain>. %d expands to recipient domain.
|
||||||
|
postmaster_address = postmaster@%d
|
||||||
|
|
||||||
|
# Hostname to use in various parts of sent mails (e.g. in Message-Id) and
|
||||||
|
# in LMTP replies. Default is the system's real hostname@domain.
|
||||||
|
#hostname =
|
||||||
|
|
||||||
|
# If user is over quota, return with temporary failure instead of
|
||||||
|
# bouncing the mail.
|
||||||
|
quota_full_tempfail = yes
|
||||||
|
|
||||||
|
# Binary to use for sending mails.
|
||||||
|
#sendmail_path = /usr/sbin/sendmail
|
||||||
|
|
||||||
|
# If non-empty, send mails via this SMTP host[:port] instead of sendmail.
|
||||||
|
#submission_host =
|
||||||
|
|
||||||
|
# Subject: header to use for rejection mails. You can use the same variables
|
||||||
|
# as for rejection_reason below.
|
||||||
|
#rejection_subject = Rejected: %s
|
||||||
|
|
||||||
|
# Human readable error message for rejection mails. You can use variables:
|
||||||
|
# %n = CRLF, %r = reason, %s = original subject, %t = recipient
|
||||||
|
#rejection_reason = Your message to <%t> was automatically rejected:%n%r
|
||||||
|
|
||||||
|
# Delimiter character between local-part and detail in email address.
|
||||||
|
#recipient_delimiter = +
|
||||||
|
|
||||||
|
# Header where the original recipient address (SMTP's RCPT TO: address) is taken
|
||||||
|
# from if not available elsewhere. With dovecot-lda -a parameter overrides this.
|
||||||
|
# A commonly used header for this is X-Original-To.
|
||||||
|
#lda_original_recipient_header =
|
||||||
|
|
||||||
|
# Should saving a mail to a nonexistent mailbox automatically create it?
|
||||||
|
#lda_mailbox_autocreate = no
|
||||||
|
|
||||||
|
# Should automatically created mailboxes be also automatically subscribed?
|
||||||
|
#lda_mailbox_autosubscribe = no
|
||||||
|
|
||||||
|
protocol lda {
|
||||||
|
# Space separated list of plugins to load (default is global mail_plugins).
|
||||||
|
mail_plugins = $mail_plugins quota
|
||||||
|
}
|
48
dovecot/conf.d/15-lda.conf_original
Normal file
48
dovecot/conf.d/15-lda.conf_original
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
##
|
||||||
|
## LDA specific settings (also used by LMTP)
|
||||||
|
##
|
||||||
|
|
||||||
|
# Address to use when sending rejection mails.
|
||||||
|
# Default is postmaster@<your domain>. %d expands to recipient domain.
|
||||||
|
#postmaster_address =
|
||||||
|
|
||||||
|
# Hostname to use in various parts of sent mails (e.g. in Message-Id) and
|
||||||
|
# in LMTP replies. Default is the system's real hostname@domain.
|
||||||
|
#hostname =
|
||||||
|
|
||||||
|
# If user is over quota, return with temporary failure instead of
|
||||||
|
# bouncing the mail.
|
||||||
|
#quota_full_tempfail = no
|
||||||
|
|
||||||
|
# Binary to use for sending mails.
|
||||||
|
#sendmail_path = /usr/sbin/sendmail
|
||||||
|
|
||||||
|
# If non-empty, send mails via this SMTP host[:port] instead of sendmail.
|
||||||
|
#submission_host =
|
||||||
|
|
||||||
|
# Subject: header to use for rejection mails. You can use the same variables
|
||||||
|
# as for rejection_reason below.
|
||||||
|
#rejection_subject = Rejected: %s
|
||||||
|
|
||||||
|
# Human readable error message for rejection mails. You can use variables:
|
||||||
|
# %n = CRLF, %r = reason, %s = original subject, %t = recipient
|
||||||
|
#rejection_reason = Your message to <%t> was automatically rejected:%n%r
|
||||||
|
|
||||||
|
# Delimiter character between local-part and detail in email address.
|
||||||
|
#recipient_delimiter = +
|
||||||
|
|
||||||
|
# Header where the original recipient address (SMTP's RCPT TO: address) is taken
|
||||||
|
# from if not available elsewhere. With dovecot-lda -a parameter overrides this.
|
||||||
|
# A commonly used header for this is X-Original-To.
|
||||||
|
#lda_original_recipient_header =
|
||||||
|
|
||||||
|
# Should saving a mail to a nonexistent mailbox automatically create it?
|
||||||
|
#lda_mailbox_autocreate = no
|
||||||
|
|
||||||
|
# Should automatically created mailboxes be also automatically subscribed?
|
||||||
|
#lda_mailbox_autosubscribe = no
|
||||||
|
|
||||||
|
protocol lda {
|
||||||
|
# Space separated list of plugins to load (default is global mail_plugins).
|
||||||
|
#mail_plugins = $mail_plugins
|
||||||
|
}
|
82
dovecot/conf.d/15-mailboxes.conf
Normal file
82
dovecot/conf.d/15-mailboxes.conf
Normal file
|
@ -0,0 +1,82 @@
|
||||||
|
##
|
||||||
|
## Mailbox definitions
|
||||||
|
##
|
||||||
|
|
||||||
|
# Each mailbox is specified in a separate mailbox section. The section name
|
||||||
|
# specifies the mailbox name. If it has spaces, you can put the name
|
||||||
|
# "in quotes". These sections can contain the following mailbox settings:
|
||||||
|
#
|
||||||
|
# auto:
|
||||||
|
# Indicates whether the mailbox with this name is automatically created
|
||||||
|
# implicitly when it is first accessed. The user can also be automatically
|
||||||
|
# subscribed to the mailbox after creation. The following values are
|
||||||
|
# defined for this setting:
|
||||||
|
#
|
||||||
|
# no - Never created automatically.
|
||||||
|
# create - Automatically created, but no automatic subscription.
|
||||||
|
# subscribe - Automatically created and subscribed.
|
||||||
|
#
|
||||||
|
# special_use:
|
||||||
|
# A space-separated list of SPECIAL-USE flags (RFC 6154) to use for the
|
||||||
|
# mailbox. There are no validity checks, so you could specify anything
|
||||||
|
# you want in here, but it's not a good idea to use flags other than the
|
||||||
|
# standard ones specified in the RFC:
|
||||||
|
#
|
||||||
|
# \All - This (virtual) mailbox presents all messages in the
|
||||||
|
# user's message store.
|
||||||
|
# \Archive - This mailbox is used to archive messages.
|
||||||
|
# \Drafts - This mailbox is used to hold draft messages.
|
||||||
|
# \Flagged - This (virtual) mailbox presents all messages in the
|
||||||
|
# user's message store marked with the IMAP \Flagged flag.
|
||||||
|
# \Junk - This mailbox is where messages deemed to be junk mail
|
||||||
|
# are held.
|
||||||
|
# \Sent - This mailbox is used to hold copies of messages that
|
||||||
|
# have been sent.
|
||||||
|
# \Trash - This mailbox is used to hold messages that have been
|
||||||
|
# deleted.
|
||||||
|
#
|
||||||
|
# comment:
|
||||||
|
# Defines a default comment or note associated with the mailbox. This
|
||||||
|
# value is accessible through the IMAP METADATA mailbox entries
|
||||||
|
# "/shared/comment" and "/private/comment". Users with sufficient
|
||||||
|
# privileges can override the default value for entries with a custom
|
||||||
|
# value.
|
||||||
|
|
||||||
|
# NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf.
|
||||||
|
namespace inbox {
|
||||||
|
# These mailboxes are widely used and could perhaps be created automatically:
|
||||||
|
mailbox Drafts {
|
||||||
|
auto = create
|
||||||
|
special_use = \Drafts
|
||||||
|
}
|
||||||
|
mailbox Junk {
|
||||||
|
auto = create
|
||||||
|
special_use = \Junk
|
||||||
|
}
|
||||||
|
mailbox Trash {
|
||||||
|
auto = create
|
||||||
|
special_use = \Trash
|
||||||
|
}
|
||||||
|
|
||||||
|
# For \Sent mailboxes there are two widely used names. We'll mark both of
|
||||||
|
# them as \Sent. User typically deletes one of them if duplicates are created.
|
||||||
|
mailbox Sent {
|
||||||
|
auto = create
|
||||||
|
special_use = \Sent
|
||||||
|
}
|
||||||
|
mailbox "Sent Messages" {
|
||||||
|
special_use = \Sent
|
||||||
|
}
|
||||||
|
|
||||||
|
# If you have a virtual "All messages" mailbox:
|
||||||
|
#mailbox virtual/All {
|
||||||
|
# special_use = \All
|
||||||
|
# comment = All my messages
|
||||||
|
#}
|
||||||
|
|
||||||
|
# If you have a virtual "Flagged" mailbox:
|
||||||
|
#mailbox virtual/Flagged {
|
||||||
|
# special_use = \Flagged
|
||||||
|
# comment = All my flagged messages
|
||||||
|
#}
|
||||||
|
}
|
78
dovecot/conf.d/15-mailboxes.conf_original
Normal file
78
dovecot/conf.d/15-mailboxes.conf_original
Normal file
|
@ -0,0 +1,78 @@
|
||||||
|
##
|
||||||
|
## Mailbox definitions
|
||||||
|
##
|
||||||
|
|
||||||
|
# Each mailbox is specified in a separate mailbox section. The section name
|
||||||
|
# specifies the mailbox name. If it has spaces, you can put the name
|
||||||
|
# "in quotes". These sections can contain the following mailbox settings:
|
||||||
|
#
|
||||||
|
# auto:
|
||||||
|
# Indicates whether the mailbox with this name is automatically created
|
||||||
|
# implicitly when it is first accessed. The user can also be automatically
|
||||||
|
# subscribed to the mailbox after creation. The following values are
|
||||||
|
# defined for this setting:
|
||||||
|
#
|
||||||
|
# no - Never created automatically.
|
||||||
|
# create - Automatically created, but no automatic subscription.
|
||||||
|
# subscribe - Automatically created and subscribed.
|
||||||
|
#
|
||||||
|
# special_use:
|
||||||
|
# A space-separated list of SPECIAL-USE flags (RFC 6154) to use for the
|
||||||
|
# mailbox. There are no validity checks, so you could specify anything
|
||||||
|
# you want in here, but it's not a good idea to use flags other than the
|
||||||
|
# standard ones specified in the RFC:
|
||||||
|
#
|
||||||
|
# \All - This (virtual) mailbox presents all messages in the
|
||||||
|
# user's message store.
|
||||||
|
# \Archive - This mailbox is used to archive messages.
|
||||||
|
# \Drafts - This mailbox is used to hold draft messages.
|
||||||
|
# \Flagged - This (virtual) mailbox presents all messages in the
|
||||||
|
# user's message store marked with the IMAP \Flagged flag.
|
||||||
|
# \Junk - This mailbox is where messages deemed to be junk mail
|
||||||
|
# are held.
|
||||||
|
# \Sent - This mailbox is used to hold copies of messages that
|
||||||
|
# have been sent.
|
||||||
|
# \Trash - This mailbox is used to hold messages that have been
|
||||||
|
# deleted.
|
||||||
|
#
|
||||||
|
# comment:
|
||||||
|
# Defines a default comment or note associated with the mailbox. This
|
||||||
|
# value is accessible through the IMAP METADATA mailbox entries
|
||||||
|
# "/shared/comment" and "/private/comment". Users with sufficient
|
||||||
|
# privileges can override the default value for entries with a custom
|
||||||
|
# value.
|
||||||
|
|
||||||
|
# NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf.
|
||||||
|
namespace inbox {
|
||||||
|
# These mailboxes are widely used and could perhaps be created automatically:
|
||||||
|
mailbox Drafts {
|
||||||
|
special_use = \Drafts
|
||||||
|
}
|
||||||
|
mailbox Junk {
|
||||||
|
special_use = \Junk
|
||||||
|
}
|
||||||
|
mailbox Trash {
|
||||||
|
special_use = \Trash
|
||||||
|
}
|
||||||
|
|
||||||
|
# For \Sent mailboxes there are two widely used names. We'll mark both of
|
||||||
|
# them as \Sent. User typically deletes one of them if duplicates are created.
|
||||||
|
mailbox Sent {
|
||||||
|
special_use = \Sent
|
||||||
|
}
|
||||||
|
mailbox "Sent Messages" {
|
||||||
|
special_use = \Sent
|
||||||
|
}
|
||||||
|
|
||||||
|
# If you have a virtual "All messages" mailbox:
|
||||||
|
#mailbox virtual/All {
|
||||||
|
# special_use = \All
|
||||||
|
# comment = All my messages
|
||||||
|
#}
|
||||||
|
|
||||||
|
# If you have a virtual "Flagged" mailbox:
|
||||||
|
#mailbox virtual/Flagged {
|
||||||
|
# special_use = \Flagged
|
||||||
|
# comment = All my flagged messages
|
||||||
|
#}
|
||||||
|
}
|
92
dovecot/conf.d/20-imap.conf
Normal file
92
dovecot/conf.d/20-imap.conf
Normal file
|
@ -0,0 +1,92 @@
|
||||||
|
##
|
||||||
|
## IMAP specific settings
|
||||||
|
##
|
||||||
|
|
||||||
|
# If nothing happens for this long while client is IDLEing, move the connection
|
||||||
|
# to imap-hibernate process and close the old imap process. This saves memory,
|
||||||
|
# because connections use very little memory in imap-hibernate process. The
|
||||||
|
# downside is that recreating the imap process back uses some resources.
|
||||||
|
#imap_hibernate_timeout = 0
|
||||||
|
|
||||||
|
# Maximum IMAP command line length. Some clients generate very long command
|
||||||
|
# lines with huge mailboxes, so you may need to raise this if you get
|
||||||
|
# "Too long argument" or "IMAP command line too large" errors often.
|
||||||
|
#imap_max_line_length = 64k
|
||||||
|
|
||||||
|
# IMAP logout format string:
|
||||||
|
# %i - total number of bytes read from client
|
||||||
|
# %o - total number of bytes sent to client
|
||||||
|
# %{fetch_hdr_count} - Number of mails with mail header data sent to client
|
||||||
|
# %{fetch_hdr_bytes} - Number of bytes with mail header data sent to client
|
||||||
|
# %{fetch_body_count} - Number of mails with mail body data sent to client
|
||||||
|
# %{fetch_body_bytes} - Number of bytes with mail body data sent to client
|
||||||
|
# %{deleted} - Number of mails where client added \Deleted flag
|
||||||
|
# %{expunged} - Number of mails that client expunged, which does not
|
||||||
|
# include automatically expunged mails
|
||||||
|
# %{autoexpunged} - Number of mails that were automatically expunged after
|
||||||
|
# client disconnected
|
||||||
|
# %{trashed} - Number of mails that client copied/moved to the
|
||||||
|
# special_use=\Trash mailbox.
|
||||||
|
# %{appended} - Number of mails saved during the session
|
||||||
|
#imap_logout_format = in=%i out=%o
|
||||||
|
|
||||||
|
# Override the IMAP CAPABILITY response. If the value begins with '+',
|
||||||
|
# add the given capabilities on top of the defaults (e.g. +XFOO XBAR).
|
||||||
|
#imap_capability =
|
||||||
|
|
||||||
|
# How long to wait between "OK Still here" notifications when client is
|
||||||
|
# IDLEing.
|
||||||
|
#imap_idle_notify_interval = 2 mins
|
||||||
|
|
||||||
|
# ID field names and values to send to clients. Using * as the value makes
|
||||||
|
# Dovecot use the default value. The following fields have default values
|
||||||
|
# currently: name, version, os, os-version, support-url, support-email.
|
||||||
|
#imap_id_send =
|
||||||
|
|
||||||
|
# ID fields sent by client to log. * means everything.
|
||||||
|
#imap_id_log =
|
||||||
|
|
||||||
|
# Workarounds for various client bugs:
|
||||||
|
# delay-newmail:
|
||||||
|
# Send EXISTS/RECENT new mail notifications only when replying to NOOP
|
||||||
|
# and CHECK commands. Some clients ignore them otherwise, for example OSX
|
||||||
|
# Mail (<v2.1). Outlook Express breaks more badly though, without this it
|
||||||
|
# may show user "Message no longer in server" errors. Note that OE6 still
|
||||||
|
# breaks even with this workaround if synchronization is set to
|
||||||
|
# "Headers Only".
|
||||||
|
# tb-extra-mailbox-sep:
|
||||||
|
# Thunderbird gets somehow confused with LAYOUT=fs (mbox and dbox) and
|
||||||
|
# adds extra '/' suffixes to mailbox names. This option causes Dovecot to
|
||||||
|
# ignore the extra '/' instead of treating it as invalid mailbox name.
|
||||||
|
# tb-lsub-flags:
|
||||||
|
# Show \Noselect flags for LSUB replies with LAYOUT=fs (e.g. mbox).
|
||||||
|
# This makes Thunderbird realize they aren't selectable and show them
|
||||||
|
# greyed out, instead of only later giving "not selectable" popup error.
|
||||||
|
#
|
||||||
|
# The list is space-separated.
|
||||||
|
#imap_client_workarounds =
|
||||||
|
|
||||||
|
# Host allowed in URLAUTH URLs sent by client. "*" allows all.
|
||||||
|
#imap_urlauth_host =
|
||||||
|
|
||||||
|
# What happens when FETCH fails due to some internal error:
|
||||||
|
# disconnect-immediately:
|
||||||
|
# The FETCH is aborted immediately and the IMAP client is disconnected.
|
||||||
|
# disconnect-after:
|
||||||
|
# The FETCH runs for all the requested mails returning as much data as
|
||||||
|
# possible. The client is finally disconnected without a tagged reply.
|
||||||
|
# no-after:
|
||||||
|
# Same as disconnect-after, but tagged NO reply is sent instead of
|
||||||
|
# disconnecting the client. If the client attempts to FETCH the same failed
|
||||||
|
# mail more than once, the client is disconnected. This is to avoid clients
|
||||||
|
# from going into infinite loops trying to FETCH a broken mail.
|
||||||
|
#imap_fetch_failure = disconnect-immediately
|
||||||
|
|
||||||
|
protocol imap {
|
||||||
|
# Space separated list of plugins to load (default is global mail_plugins).
|
||||||
|
mail_plugins = $mail_plugins imap_quota
|
||||||
|
|
||||||
|
# Maximum number of IMAP connections allowed for a user from each IP address.
|
||||||
|
# NOTE: The username is compared case-sensitively.
|
||||||
|
#mail_max_userip_connections = 10
|
||||||
|
}
|
92
dovecot/conf.d/20-imap.conf_original
Normal file
92
dovecot/conf.d/20-imap.conf_original
Normal file
|
@ -0,0 +1,92 @@
|
||||||
|
##
|
||||||
|
## IMAP specific settings
|
||||||
|
##
|
||||||
|
|
||||||
|
# If nothing happens for this long while client is IDLEing, move the connection
|
||||||
|
# to imap-hibernate process and close the old imap process. This saves memory,
|
||||||
|
# because connections use very little memory in imap-hibernate process. The
|
||||||
|
# downside is that recreating the imap process back uses some resources.
|
||||||
|
#imap_hibernate_timeout = 0
|
||||||
|
|
||||||
|
# Maximum IMAP command line length. Some clients generate very long command
|
||||||
|
# lines with huge mailboxes, so you may need to raise this if you get
|
||||||
|
# "Too long argument" or "IMAP command line too large" errors often.
|
||||||
|
#imap_max_line_length = 64k
|
||||||
|
|
||||||
|
# IMAP logout format string:
|
||||||
|
# %i - total number of bytes read from client
|
||||||
|
# %o - total number of bytes sent to client
|
||||||
|
# %{fetch_hdr_count} - Number of mails with mail header data sent to client
|
||||||
|
# %{fetch_hdr_bytes} - Number of bytes with mail header data sent to client
|
||||||
|
# %{fetch_body_count} - Number of mails with mail body data sent to client
|
||||||
|
# %{fetch_body_bytes} - Number of bytes with mail body data sent to client
|
||||||
|
# %{deleted} - Number of mails where client added \Deleted flag
|
||||||
|
# %{expunged} - Number of mails that client expunged, which does not
|
||||||
|
# include automatically expunged mails
|
||||||
|
# %{autoexpunged} - Number of mails that were automatically expunged after
|
||||||
|
# client disconnected
|
||||||
|
# %{trashed} - Number of mails that client copied/moved to the
|
||||||
|
# special_use=\Trash mailbox.
|
||||||
|
# %{appended} - Number of mails saved during the session
|
||||||
|
#imap_logout_format = in=%i out=%o
|
||||||
|
|
||||||
|
# Override the IMAP CAPABILITY response. If the value begins with '+',
|
||||||
|
# add the given capabilities on top of the defaults (e.g. +XFOO XBAR).
|
||||||
|
#imap_capability =
|
||||||
|
|
||||||
|
# How long to wait between "OK Still here" notifications when client is
|
||||||
|
# IDLEing.
|
||||||
|
#imap_idle_notify_interval = 2 mins
|
||||||
|
|
||||||
|
# ID field names and values to send to clients. Using * as the value makes
|
||||||
|
# Dovecot use the default value. The following fields have default values
|
||||||
|
# currently: name, version, os, os-version, support-url, support-email.
|
||||||
|
#imap_id_send =
|
||||||
|
|
||||||
|
# ID fields sent by client to log. * means everything.
|
||||||
|
#imap_id_log =
|
||||||
|
|
||||||
|
# Workarounds for various client bugs:
|
||||||
|
# delay-newmail:
|
||||||
|
# Send EXISTS/RECENT new mail notifications only when replying to NOOP
|
||||||
|
# and CHECK commands. Some clients ignore them otherwise, for example OSX
|
||||||
|
# Mail (<v2.1). Outlook Express breaks more badly though, without this it
|
||||||
|
# may show user "Message no longer in server" errors. Note that OE6 still
|
||||||
|
# breaks even with this workaround if synchronization is set to
|
||||||
|
# "Headers Only".
|
||||||
|
# tb-extra-mailbox-sep:
|
||||||
|
# Thunderbird gets somehow confused with LAYOUT=fs (mbox and dbox) and
|
||||||
|
# adds extra '/' suffixes to mailbox names. This option causes Dovecot to
|
||||||
|
# ignore the extra '/' instead of treating it as invalid mailbox name.
|
||||||
|
# tb-lsub-flags:
|
||||||
|
# Show \Noselect flags for LSUB replies with LAYOUT=fs (e.g. mbox).
|
||||||
|
# This makes Thunderbird realize they aren't selectable and show them
|
||||||
|
# greyed out, instead of only later giving "not selectable" popup error.
|
||||||
|
#
|
||||||
|
# The list is space-separated.
|
||||||
|
#imap_client_workarounds =
|
||||||
|
|
||||||
|
# Host allowed in URLAUTH URLs sent by client. "*" allows all.
|
||||||
|
#imap_urlauth_host =
|
||||||
|
|
||||||
|
# What happens when FETCH fails due to some internal error:
|
||||||
|
# disconnect-immediately:
|
||||||
|
# The FETCH is aborted immediately and the IMAP client is disconnected.
|
||||||
|
# disconnect-after:
|
||||||
|
# The FETCH runs for all the requested mails returning as much data as
|
||||||
|
# possible. The client is finally disconnected without a tagged reply.
|
||||||
|
# no-after:
|
||||||
|
# Same as disconnect-after, but tagged NO reply is sent instead of
|
||||||
|
# disconnecting the client. If the client attempts to FETCH the same failed
|
||||||
|
# mail more than once, the client is disconnected. This is to avoid clients
|
||||||
|
# from going into infinite loops trying to FETCH a broken mail.
|
||||||
|
#imap_fetch_failure = disconnect-immediately
|
||||||
|
|
||||||
|
protocol imap {
|
||||||
|
# Space separated list of plugins to load (default is global mail_plugins).
|
||||||
|
mail_plugins = $mail_plugins imap_quota
|
||||||
|
|
||||||
|
# Maximum number of IMAP connections allowed for a user from each IP address.
|
||||||
|
# NOTE: The username is compared case-sensitively.
|
||||||
|
#mail_max_userip_connections = 10
|
||||||
|
}
|
26
dovecot/conf.d/20-lmtp.conf
Normal file
26
dovecot/conf.d/20-lmtp.conf
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
##
|
||||||
|
## LMTP specific settings
|
||||||
|
##
|
||||||
|
|
||||||
|
# Support proxying to other LMTP/SMTP servers by performing passdb lookups.
|
||||||
|
#lmtp_proxy = no
|
||||||
|
|
||||||
|
# When recipient address includes the detail (e.g. user+detail), try to save
|
||||||
|
# the mail to the detail mailbox. See also recipient_delimiter and
|
||||||
|
# lda_mailbox_autocreate settings.
|
||||||
|
#lmtp_save_to_detail_mailbox = no
|
||||||
|
|
||||||
|
# Verify quota before replying to RCPT TO. This adds a small overhead.
|
||||||
|
#lmtp_rcpt_check_quota = no
|
||||||
|
|
||||||
|
# Which recipient address to use for Delivered-To: header and Received:
|
||||||
|
# header. The default is "final", which is the same as the one given to
|
||||||
|
# RCPT TO command. "original" uses the address given in RCPT TO's ORCPT
|
||||||
|
# parameter, "none" uses nothing. Note that "none" is currently always used
|
||||||
|
# when a mail has multiple recipients.
|
||||||
|
#lmtp_hdr_delivery_address = final
|
||||||
|
|
||||||
|
protocol lmtp {
|
||||||
|
# Space separated list of plugins to load (default is global mail_plugins).
|
||||||
|
mail_plugins = $mail_plugins sieve quota
|
||||||
|
}
|
26
dovecot/conf.d/20-lmtp.conf_original
Normal file
26
dovecot/conf.d/20-lmtp.conf_original
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
##
|
||||||
|
## LMTP specific settings
|
||||||
|
##
|
||||||
|
|
||||||
|
# Support proxying to other LMTP/SMTP servers by performing passdb lookups.
|
||||||
|
#lmtp_proxy = no
|
||||||
|
|
||||||
|
# When recipient address includes the detail (e.g. user+detail), try to save
|
||||||
|
# the mail to the detail mailbox. See also recipient_delimiter and
|
||||||
|
# lda_mailbox_autocreate settings.
|
||||||
|
#lmtp_save_to_detail_mailbox = no
|
||||||
|
|
||||||
|
# Verify quota before replying to RCPT TO. This adds a small overhead.
|
||||||
|
#lmtp_rcpt_check_quota = no
|
||||||
|
|
||||||
|
# Which recipient address to use for Delivered-To: header and Received:
|
||||||
|
# header. The default is "final", which is the same as the one given to
|
||||||
|
# RCPT TO command. "original" uses the address given in RCPT TO's ORCPT
|
||||||
|
# parameter, "none" uses nothing. Note that "none" is currently always used
|
||||||
|
# when a mail has multiple recipients.
|
||||||
|
#lmtp_hdr_delivery_address = final
|
||||||
|
|
||||||
|
protocol lmtp {
|
||||||
|
# Space separated list of plugins to load (default is global mail_plugins).
|
||||||
|
#mail_plugins = $mail_plugins
|
||||||
|
}
|
84
dovecot/conf.d/20-managesieve.conf
Normal file
84
dovecot/conf.d/20-managesieve.conf
Normal file
|
@ -0,0 +1,84 @@
|
||||||
|
##
|
||||||
|
## ManageSieve specific settings
|
||||||
|
##
|
||||||
|
|
||||||
|
# Uncomment to enable managesieve protocol:
|
||||||
|
protocols = $protocols sieve
|
||||||
|
|
||||||
|
# Service definitions
|
||||||
|
|
||||||
|
#service managesieve-login {
|
||||||
|
#inet_listener sieve {
|
||||||
|
# port = 4190
|
||||||
|
#}
|
||||||
|
|
||||||
|
#inet_listener sieve_deprecated {
|
||||||
|
# port = 2000
|
||||||
|
#}
|
||||||
|
|
||||||
|
# Number of connections to handle before starting a new process. Typically
|
||||||
|
# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
|
||||||
|
# is faster. <doc/wiki/LoginProcess.txt>
|
||||||
|
#service_count = 1
|
||||||
|
|
||||||
|
# Number of processes to always keep waiting for more connections.
|
||||||
|
#process_min_avail = 0
|
||||||
|
|
||||||
|
# If you set service_count=0, you probably need to grow this.
|
||||||
|
#vsz_limit = 64M
|
||||||
|
#}
|
||||||
|
|
||||||
|
#service managesieve {
|
||||||
|
# Max. number of ManageSieve processes (connections)
|
||||||
|
#process_limit = 1024
|
||||||
|
#}
|
||||||
|
|
||||||
|
# Service configuration
|
||||||
|
|
||||||
|
protocol sieve {
|
||||||
|
# Maximum ManageSieve command line length in bytes. ManageSieve usually does
|
||||||
|
# not involve overly long command lines, so this setting will not normally
|
||||||
|
# need adjustment
|
||||||
|
#managesieve_max_line_length = 65536
|
||||||
|
|
||||||
|
# Maximum number of ManageSieve connections allowed for a user from each IP
|
||||||
|
# address.
|
||||||
|
# NOTE: The username is compared case-sensitively.
|
||||||
|
#mail_max_userip_connections = 10
|
||||||
|
|
||||||
|
# Space separated list of plugins to load (none known to be useful so far).
|
||||||
|
# Do NOT try to load IMAP plugins here.
|
||||||
|
#mail_plugins =
|
||||||
|
|
||||||
|
# MANAGESIEVE logout format string:
|
||||||
|
# %i - total number of bytes read from client
|
||||||
|
# %o - total number of bytes sent to client
|
||||||
|
# %{put_bytes} - Number of bytes saved using PUTSCRIPT command
|
||||||
|
# %{put_count} - Number of scripts saved using PUTSCRIPT command
|
||||||
|
# %{get_bytes} - Number of bytes read using GETCRIPT command
|
||||||
|
# %{get_count} - Number of scripts read using GETSCRIPT command
|
||||||
|
# %{get_bytes} - Number of bytes processed using CHECKSCRIPT command
|
||||||
|
# %{get_count} - Number of scripts checked using CHECKSCRIPT command
|
||||||
|
# %{deleted_count} - Number of scripts deleted using DELETESCRIPT command
|
||||||
|
# %{renamed_count} - Number of scripts renamed using RENAMESCRIPT command
|
||||||
|
#managesieve_logout_format = bytes=%i/%o
|
||||||
|
|
||||||
|
# To fool ManageSieve clients that are focused on CMU's timesieved you can
|
||||||
|
# specify the IMPLEMENTATION capability that Dovecot reports to clients.
|
||||||
|
# For example: 'Cyrus timsieved v2.2.13'
|
||||||
|
#managesieve_implementation_string = Dovecot Pigeonhole
|
||||||
|
|
||||||
|
# Explicitly specify the SIEVE and NOTIFY capability reported by the server
|
||||||
|
# before login. If left unassigned these will be reported dynamically
|
||||||
|
# according to what the Sieve interpreter supports by default (after login
|
||||||
|
# this may differ depending on the user).
|
||||||
|
#managesieve_sieve_capability =
|
||||||
|
#managesieve_notify_capability =
|
||||||
|
|
||||||
|
# The maximum number of compile errors that are returned to the client upon
|
||||||
|
# script upload or script verification.
|
||||||
|
#managesieve_max_compile_errors = 5
|
||||||
|
|
||||||
|
# Refer to 90-sieve.conf for script quota configuration and configuration of
|
||||||
|
# Sieve execution limits.
|
||||||
|
}
|
84
dovecot/conf.d/20-managesieve.conf_original
Normal file
84
dovecot/conf.d/20-managesieve.conf_original
Normal file
|
@ -0,0 +1,84 @@
|
||||||
|
##
|
||||||
|
## ManageSieve specific settings
|
||||||
|
##
|
||||||
|
|
||||||
|
# Uncomment to enable managesieve protocol:
|
||||||
|
#protocols = $protocols sieve
|
||||||
|
|
||||||
|
# Service definitions
|
||||||
|
|
||||||
|
#service managesieve-login {
|
||||||
|
#inet_listener sieve {
|
||||||
|
# port = 4190
|
||||||
|
#}
|
||||||
|
|
||||||
|
#inet_listener sieve_deprecated {
|
||||||
|
# port = 2000
|
||||||
|
#}
|
||||||
|
|
||||||
|
# Number of connections to handle before starting a new process. Typically
|
||||||
|
# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
|
||||||
|
# is faster. <doc/wiki/LoginProcess.txt>
|
||||||
|
#service_count = 1
|
||||||
|
|
||||||
|
# Number of processes to always keep waiting for more connections.
|
||||||
|
#process_min_avail = 0
|
||||||
|
|
||||||
|
# If you set service_count=0, you probably need to grow this.
|
||||||
|
#vsz_limit = 64M
|
||||||
|
#}
|
||||||
|
|
||||||
|
#service managesieve {
|
||||||
|
# Max. number of ManageSieve processes (connections)
|
||||||
|
#process_limit = 1024
|
||||||
|
#}
|
||||||
|
|
||||||
|
# Service configuration
|
||||||
|
|
||||||
|
protocol sieve {
|
||||||
|
# Maximum ManageSieve command line length in bytes. ManageSieve usually does
|
||||||
|
# not involve overly long command lines, so this setting will not normally
|
||||||
|
# need adjustment
|
||||||
|
#managesieve_max_line_length = 65536
|
||||||
|
|
||||||
|
# Maximum number of ManageSieve connections allowed for a user from each IP
|
||||||
|
# address.
|
||||||
|
# NOTE: The username is compared case-sensitively.
|
||||||
|
#mail_max_userip_connections = 10
|
||||||
|
|
||||||
|
# Space separated list of plugins to load (none known to be useful so far).
|
||||||
|
# Do NOT try to load IMAP plugins here.
|
||||||
|
#mail_plugins =
|
||||||
|
|
||||||
|
# MANAGESIEVE logout format string:
|
||||||
|
# %i - total number of bytes read from client
|
||||||
|
# %o - total number of bytes sent to client
|
||||||
|
# %{put_bytes} - Number of bytes saved using PUTSCRIPT command
|
||||||
|
# %{put_count} - Number of scripts saved using PUTSCRIPT command
|
||||||
|
# %{get_bytes} - Number of bytes read using GETCRIPT command
|
||||||
|
# %{get_count} - Number of scripts read using GETSCRIPT command
|
||||||
|
# %{get_bytes} - Number of bytes processed using CHECKSCRIPT command
|
||||||
|
# %{get_count} - Number of scripts checked using CHECKSCRIPT command
|
||||||
|
# %{deleted_count} - Number of scripts deleted using DELETESCRIPT command
|
||||||
|
# %{renamed_count} - Number of scripts renamed using RENAMESCRIPT command
|
||||||
|
#managesieve_logout_format = bytes=%i/%o
|
||||||
|
|
||||||
|
# To fool ManageSieve clients that are focused on CMU's timesieved you can
|
||||||
|
# specify the IMPLEMENTATION capability that Dovecot reports to clients.
|
||||||
|
# For example: 'Cyrus timsieved v2.2.13'
|
||||||
|
#managesieve_implementation_string = Dovecot Pigeonhole
|
||||||
|
|
||||||
|
# Explicitly specify the SIEVE and NOTIFY capability reported by the server
|
||||||
|
# before login. If left unassigned these will be reported dynamically
|
||||||
|
# according to what the Sieve interpreter supports by default (after login
|
||||||
|
# this may differ depending on the user).
|
||||||
|
#managesieve_sieve_capability =
|
||||||
|
#managesieve_notify_capability =
|
||||||
|
|
||||||
|
# The maximum number of compile errors that are returned to the client upon
|
||||||
|
# script upload or script verification.
|
||||||
|
#managesieve_max_compile_errors = 5
|
||||||
|
|
||||||
|
# Refer to 90-sieve.conf for script quota configuration and configuration of
|
||||||
|
# Sieve execution limits.
|
||||||
|
}
|
99
dovecot/conf.d/20-pop3.conf
Normal file
99
dovecot/conf.d/20-pop3.conf
Normal file
|
@ -0,0 +1,99 @@
|
||||||
|
##
|
||||||
|
## POP3 specific settings
|
||||||
|
##
|
||||||
|
|
||||||
|
# Don't try to set mails non-recent or seen with POP3 sessions. This is
|
||||||
|
# mostly intended to reduce disk I/O. With maildir it doesn't move files
|
||||||
|
# from new/ to cur/, with mbox it doesn't write Status-header.
|
||||||
|
#pop3_no_flag_updates = no
|
||||||
|
|
||||||
|
# Support LAST command which exists in old POP3 specs, but has been removed
|
||||||
|
# from new ones. Some clients still wish to use this though. Enabling this
|
||||||
|
# makes RSET command clear all \Seen flags from messages.
|
||||||
|
#pop3_enable_last = no
|
||||||
|
|
||||||
|
# If mail has X-UIDL header, use it as the mail's UIDL.
|
||||||
|
#pop3_reuse_xuidl = no
|
||||||
|
|
||||||
|
# Allow only one POP3 session to run simultaneously for the same user.
|
||||||
|
#pop3_lock_session = no
|
||||||
|
|
||||||
|
# POP3 requires message sizes to be listed as if they had CR+LF linefeeds.
|
||||||
|
# Many POP3 servers violate this by returning the sizes with LF linefeeds,
|
||||||
|
# because it's faster to get. When this setting is enabled, Dovecot still
|
||||||
|
# tries to do the right thing first, but if that requires opening the
|
||||||
|
# message, it fallbacks to the easier (but incorrect) size.
|
||||||
|
#pop3_fast_size_lookups = no
|
||||||
|
|
||||||
|
# POP3 UIDL (unique mail identifier) format to use. You can use following
|
||||||
|
# variables, along with the variable modifiers described in
|
||||||
|
# doc/wiki/Variables.txt (e.g. %Uf for the filename in uppercase)
|
||||||
|
#
|
||||||
|
# %v - Mailbox's IMAP UIDVALIDITY
|
||||||
|
# %u - Mail's IMAP UID
|
||||||
|
# %m - MD5 sum of the mailbox headers in hex (mbox only)
|
||||||
|
# %f - filename (maildir only)
|
||||||
|
# %g - Mail's GUID
|
||||||
|
#
|
||||||
|
# If you want UIDL compatibility with other POP3 servers, use:
|
||||||
|
# UW's ipop3d : %08Xv%08Xu
|
||||||
|
# Courier : %f or %v-%u (both might be used simultaneosly)
|
||||||
|
# Cyrus (<= 2.1.3) : %u
|
||||||
|
# Cyrus (>= 2.1.4) : %v.%u
|
||||||
|
# Dovecot v0.99.x : %v.%u
|
||||||
|
# tpop3d : %Mf
|
||||||
|
#
|
||||||
|
# Note that Outlook 2003 seems to have problems with %v.%u format which was
|
||||||
|
# Dovecot's default, so if you're building a new server it would be a good
|
||||||
|
# idea to change this. %08Xu%08Xv should be pretty fail-safe.
|
||||||
|
#
|
||||||
|
#pop3_uidl_format = %08Xu%08Xv
|
||||||
|
|
||||||
|
# Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes
|
||||||
|
# won't change those UIDLs. Currently this works only with Maildir.
|
||||||
|
#pop3_save_uidl = no
|
||||||
|
|
||||||
|
# What to do about duplicate UIDLs if they exist?
|
||||||
|
# allow: Show duplicates to clients.
|
||||||
|
# rename: Append a temporary -2, -3, etc. counter after the UIDL.
|
||||||
|
#pop3_uidl_duplicates = allow
|
||||||
|
|
||||||
|
# This option changes POP3 behavior so that it's not possible to actually
|
||||||
|
# delete mails via POP3, only hide them from future POP3 sessions. The mails
|
||||||
|
# will still be counted towards user's quota until actually deleted via IMAP.
|
||||||
|
# Use e.g. "$POP3Deleted" as the value (it will be visible as IMAP keyword).
|
||||||
|
# Make sure you can legally archive mails before enabling this setting.
|
||||||
|
#pop3_deleted_flag =
|
||||||
|
|
||||||
|
# POP3 logout format string:
|
||||||
|
# %i - total number of bytes read from client
|
||||||
|
# %o - total number of bytes sent to client
|
||||||
|
# %t - number of TOP commands
|
||||||
|
# %p - number of bytes sent to client as a result of TOP command
|
||||||
|
# %r - number of RETR commands
|
||||||
|
# %b - number of bytes sent to client as a result of RETR command
|
||||||
|
# %d - number of deleted messages
|
||||||
|
# %{deleted_bytes} - number of bytes in deleted messages
|
||||||
|
# %m - number of messages (before deletion)
|
||||||
|
# %s - mailbox size in bytes (before deletion)
|
||||||
|
# %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly
|
||||||
|
#pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
|
||||||
|
|
||||||
|
# Workarounds for various client bugs:
|
||||||
|
# outlook-no-nuls:
|
||||||
|
# Outlook and Outlook Express hang if mails contain NUL characters.
|
||||||
|
# This setting replaces them with 0x80 character.
|
||||||
|
# oe-ns-eoh:
|
||||||
|
# Outlook Express and Netscape Mail breaks if end of headers-line is
|
||||||
|
# missing. This option simply sends it if it's missing.
|
||||||
|
# The list is space-separated.
|
||||||
|
#pop3_client_workarounds =
|
||||||
|
|
||||||
|
protocol pop3 {
|
||||||
|
# Space separated list of plugins to load (default is global mail_plugins).
|
||||||
|
#mail_plugins = $mail_plugins
|
||||||
|
|
||||||
|
# Maximum number of POP3 connections allowed for a user from each IP address.
|
||||||
|
# NOTE: The username is compared case-sensitively.
|
||||||
|
#mail_max_userip_connections = 10
|
||||||
|
}
|
19
dovecot/conf.d/90-acl.conf
Normal file
19
dovecot/conf.d/90-acl.conf
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
##
|
||||||
|
## Mailbox access control lists.
|
||||||
|
##
|
||||||
|
|
||||||
|
# vfile backend reads ACLs from "dovecot-acl" file from mail directory.
|
||||||
|
# You can also optionally give a global ACL directory path where ACLs are
|
||||||
|
# applied to all users' mailboxes. The global ACL directory contains
|
||||||
|
# one file for each mailbox, eg. INBOX or sub.mailbox. cache_secs parameter
|
||||||
|
# specifies how many seconds to wait between stat()ing dovecot-acl file
|
||||||
|
# to see if it changed.
|
||||||
|
plugin {
|
||||||
|
#acl = vfile:/etc/dovecot/global-acls:cache_secs=300
|
||||||
|
}
|
||||||
|
|
||||||
|
# To let users LIST mailboxes shared by other users, Dovecot needs a
|
||||||
|
# shared mailbox dictionary. For example:
|
||||||
|
plugin {
|
||||||
|
#acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes
|
||||||
|
}
|
11
dovecot/conf.d/90-plugin.conf
Normal file
11
dovecot/conf.d/90-plugin.conf
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
##
|
||||||
|
## Plugin settings
|
||||||
|
##
|
||||||
|
|
||||||
|
# All wanted plugins must be listed in mail_plugins setting before any of the
|
||||||
|
# settings take effect. See <doc/wiki/Plugins.txt> for list of plugins and
|
||||||
|
# their configuration. Note that %variable expansion is done for all values.
|
||||||
|
|
||||||
|
plugin {
|
||||||
|
#setting_name = value
|
||||||
|
}
|
87
dovecot/conf.d/90-quota.conf
Normal file
87
dovecot/conf.d/90-quota.conf
Normal file
|
@ -0,0 +1,87 @@
|
||||||
|
##
|
||||||
|
## Quota configuration.
|
||||||
|
##
|
||||||
|
|
||||||
|
# Note that you also have to enable quota plugin in mail_plugins setting.
|
||||||
|
# <doc/wiki/Quota.txt>
|
||||||
|
|
||||||
|
##
|
||||||
|
## Quota limits
|
||||||
|
##
|
||||||
|
|
||||||
|
# Quota limits are set using "quota_rule" parameters. To get per-user quota
|
||||||
|
# limits, you can set/override them by returning "quota_rule" extra field
|
||||||
|
# from userdb. It's also possible to give mailbox-specific limits, for example
|
||||||
|
# to give additional 100 MB when saving to Trash:
|
||||||
|
|
||||||
|
plugin {
|
||||||
|
quota_rule = *:storage=1G
|
||||||
|
quota_rule2 = Trash:storage=+100M
|
||||||
|
|
||||||
|
# LDA/LMTP allows saving the last mail to bring user from under quota to
|
||||||
|
# over quota, if the quota doesn't grow too high. Default is to allow as
|
||||||
|
# long as quota will stay under 10% above the limit. Also allowed e.g. 10M.
|
||||||
|
#quota_grace = 10%%
|
||||||
|
|
||||||
|
# Quota plugin can also limit the maximum accepted mail size.
|
||||||
|
#quota_max_mail_size = 100M
|
||||||
|
}
|
||||||
|
|
||||||
|
##
|
||||||
|
## Quota warnings
|
||||||
|
##
|
||||||
|
|
||||||
|
# You can execute a given command when user exceeds a specified quota limit.
|
||||||
|
# Each quota root has separate limits. Only the command for the first
|
||||||
|
# exceeded limit is excecuted, so put the highest limit first.
|
||||||
|
# The commands are executed via script service by connecting to the named
|
||||||
|
# UNIX socket (quota-warning below).
|
||||||
|
# Note that % needs to be escaped as %%, otherwise "% " expands to empty.
|
||||||
|
|
||||||
|
plugin {
|
||||||
|
quota_warning = storage=100%% quota-warning +100 %u
|
||||||
|
quota_warning2 = storage=95%% quota-warning 95 %u
|
||||||
|
quota_warning3 = storage=90%% quota-warning 90 %u
|
||||||
|
quota_warning4 = storage=85%% quota-warning 85 %u
|
||||||
|
quota_warning5 = storage=80%% quota-warning 80 %u
|
||||||
|
quota_warning6 = -storage=100%% quota-warning -100 %u # user is no longer over quota
|
||||||
|
}
|
||||||
|
|
||||||
|
# Example quota-warning service. The unix listener's permissions should be
|
||||||
|
# set in a way that mail processes can connect to it. Below example assumes
|
||||||
|
# that mail processes run as vmail user. If you use mode=0666, all system users
|
||||||
|
# can generate quota warnings to anyone.
|
||||||
|
service quota-warning {
|
||||||
|
executable = script /usr/local/bin/quota-warning.sh
|
||||||
|
user = dovecot
|
||||||
|
unix_listener quota-warning {
|
||||||
|
user = vmail
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
##
|
||||||
|
## Quota backends
|
||||||
|
##
|
||||||
|
|
||||||
|
# Multiple backends are supported:
|
||||||
|
# dirsize: Find and sum all the files found from mail directory.
|
||||||
|
# Extremely SLOW with Maildir. It'll eat your CPU and disk I/O.
|
||||||
|
# dict: Keep quota stored in dictionary (eg. SQL)
|
||||||
|
# maildir: Maildir++ quota
|
||||||
|
# fs: Read-only support for filesystem quota
|
||||||
|
|
||||||
|
plugin {
|
||||||
|
#quota = dirsize:User quota
|
||||||
|
#quota = maildir:User quota
|
||||||
|
quota = dict:User quota::proxy::quota
|
||||||
|
#quota = fs:User quota
|
||||||
|
}
|
||||||
|
|
||||||
|
# Multiple quota roots are also possible, for example this gives each user
|
||||||
|
# their own 100MB quota and one shared 1GB quota within the domain:
|
||||||
|
plugin {
|
||||||
|
#quota = dict:user::proxy::quota
|
||||||
|
#quota2 = dict:domain:%d:proxy::quota_domain
|
||||||
|
#quota_rule = *:storage=102400
|
||||||
|
#quota2_rule = *:storage=1048576
|
||||||
|
}
|
83
dovecot/conf.d/90-quota.conf_original
Normal file
83
dovecot/conf.d/90-quota.conf_original
Normal file
|
@ -0,0 +1,83 @@
|
||||||
|
##
|
||||||
|
## Quota configuration.
|
||||||
|
##
|
||||||
|
|
||||||
|
# Note that you also have to enable quota plugin in mail_plugins setting.
|
||||||
|
# <doc/wiki/Quota.txt>
|
||||||
|
|
||||||
|
##
|
||||||
|
## Quota limits
|
||||||
|
##
|
||||||
|
|
||||||
|
# Quota limits are set using "quota_rule" parameters. To get per-user quota
|
||||||
|
# limits, you can set/override them by returning "quota_rule" extra field
|
||||||
|
# from userdb. It's also possible to give mailbox-specific limits, for example
|
||||||
|
# to give additional 100 MB when saving to Trash:
|
||||||
|
|
||||||
|
plugin {
|
||||||
|
#quota_rule = *:storage=1G
|
||||||
|
#quota_rule2 = Trash:storage=+100M
|
||||||
|
|
||||||
|
# LDA/LMTP allows saving the last mail to bring user from under quota to
|
||||||
|
# over quota, if the quota doesn't grow too high. Default is to allow as
|
||||||
|
# long as quota will stay under 10% above the limit. Also allowed e.g. 10M.
|
||||||
|
#quota_grace = 10%%
|
||||||
|
|
||||||
|
# Quota plugin can also limit the maximum accepted mail size.
|
||||||
|
#quota_max_mail_size = 100M
|
||||||
|
}
|
||||||
|
|
||||||
|
##
|
||||||
|
## Quota warnings
|
||||||
|
##
|
||||||
|
|
||||||
|
# You can execute a given command when user exceeds a specified quota limit.
|
||||||
|
# Each quota root has separate limits. Only the command for the first
|
||||||
|
# exceeded limit is excecuted, so put the highest limit first.
|
||||||
|
# The commands are executed via script service by connecting to the named
|
||||||
|
# UNIX socket (quota-warning below).
|
||||||
|
# Note that % needs to be escaped as %%, otherwise "% " expands to empty.
|
||||||
|
|
||||||
|
plugin {
|
||||||
|
#quota_warning = storage=95%% quota-warning 95 %u
|
||||||
|
#quota_warning2 = storage=80%% quota-warning 80 %u
|
||||||
|
}
|
||||||
|
|
||||||
|
# Example quota-warning service. The unix listener's permissions should be
|
||||||
|
# set in a way that mail processes can connect to it. Below example assumes
|
||||||
|
# that mail processes run as vmail user. If you use mode=0666, all system users
|
||||||
|
# can generate quota warnings to anyone.
|
||||||
|
#service quota-warning {
|
||||||
|
# executable = script /usr/local/bin/quota-warning.sh
|
||||||
|
# user = dovecot
|
||||||
|
# unix_listener quota-warning {
|
||||||
|
# user = vmail
|
||||||
|
# }
|
||||||
|
#}
|
||||||
|
|
||||||
|
##
|
||||||
|
## Quota backends
|
||||||
|
##
|
||||||
|
|
||||||
|
# Multiple backends are supported:
|
||||||
|
# dirsize: Find and sum all the files found from mail directory.
|
||||||
|
# Extremely SLOW with Maildir. It'll eat your CPU and disk I/O.
|
||||||
|
# dict: Keep quota stored in dictionary (eg. SQL)
|
||||||
|
# maildir: Maildir++ quota
|
||||||
|
# fs: Read-only support for filesystem quota
|
||||||
|
|
||||||
|
plugin {
|
||||||
|
#quota = dirsize:User quota
|
||||||
|
#quota = maildir:User quota
|
||||||
|
#quota = dict:User quota::proxy::quota
|
||||||
|
#quota = fs:User quota
|
||||||
|
}
|
||||||
|
|
||||||
|
# Multiple quota roots are also possible, for example this gives each user
|
||||||
|
# their own 100MB quota and one shared 1GB quota within the domain:
|
||||||
|
plugin {
|
||||||
|
#quota = dict:user::proxy::quota
|
||||||
|
#quota2 = dict:domain:%d:proxy::quota_domain
|
||||||
|
#quota_rule = *:storage=102400
|
||||||
|
#quota2_rule = *:storage=1048576
|
||||||
|
}
|
44
dovecot/conf.d/90-sieve-extprograms.conf
Normal file
44
dovecot/conf.d/90-sieve-extprograms.conf
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
# Sieve Extprograms plugin configuration
|
||||||
|
|
||||||
|
# Don't forget to add the sieve_extprograms plugin to the sieve_plugins setting.
|
||||||
|
# Also enable the extensions you need (one or more of vnd.dovecot.pipe,
|
||||||
|
# vnd.dovecot.filter and vnd.dovecot.execute) by adding these to the
|
||||||
|
# sieve_extensions or sieve_global_extensions settings. Restricting these
|
||||||
|
# extensions to a global context using sieve_global_extensions is recommended.
|
||||||
|
|
||||||
|
plugin {
|
||||||
|
|
||||||
|
# The directory where the program sockets are located for the
|
||||||
|
# vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
|
||||||
|
# respectively. The name of each unix socket contained in that directory
|
||||||
|
# directly maps to a program-name referenced from the Sieve script.
|
||||||
|
#sieve_pipe_socket_dir = sieve-pipe
|
||||||
|
#sieve_filter_socket_dir = sieve-filter
|
||||||
|
#sieve_execute_socket_dir = sieve-execute
|
||||||
|
|
||||||
|
# The directory where the scripts are located for direct execution by the
|
||||||
|
# vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
|
||||||
|
# respectively. The name of each script contained in that directory
|
||||||
|
# directly maps to a program-name referenced from the Sieve script.
|
||||||
|
#sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
|
||||||
|
#sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
|
||||||
|
#sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute
|
||||||
|
}
|
||||||
|
|
||||||
|
# An example program service called 'do-something' to pipe messages to
|
||||||
|
#service do-something {
|
||||||
|
# Define the executed script as parameter to the sieve service
|
||||||
|
#executable = script /usr/lib/dovecot/sieve-pipe/do-something.sh
|
||||||
|
|
||||||
|
# Use some unprivileged user for executing the program
|
||||||
|
#user = dovenull
|
||||||
|
|
||||||
|
# The unix socket located in the sieve_pipe_socket_dir (as defined in the
|
||||||
|
# plugin {} section above)
|
||||||
|
#unix_listener sieve-pipe/do-something {
|
||||||
|
# LDA/LMTP must have access
|
||||||
|
# user = vmail
|
||||||
|
# mode = 0600
|
||||||
|
#}
|
||||||
|
#}
|
||||||
|
|
217
dovecot/conf.d/90-sieve.conf
Normal file
217
dovecot/conf.d/90-sieve.conf
Normal file
|
@ -0,0 +1,217 @@
|
||||||
|
##
|
||||||
|
## Settings for the Sieve interpreter
|
||||||
|
##
|
||||||
|
|
||||||
|
# Do not forget to enable the Sieve plugin in 15-lda.conf and 20-lmtp.conf
|
||||||
|
# by adding it to the respective mail_plugins= settings.
|
||||||
|
|
||||||
|
# The Sieve interpreter can retrieve Sieve scripts from several types of
|
||||||
|
# locations. The default `file' location type is a local filesystem path
|
||||||
|
# pointing to a Sieve script file or a directory containing multiple Sieve
|
||||||
|
# script files. More complex setups can use other location types such as
|
||||||
|
# `ldap' or `dict' to fetch Sieve scripts from remote databases.
|
||||||
|
#
|
||||||
|
# All settings that specify the location of one ore more Sieve scripts accept
|
||||||
|
# the following syntax:
|
||||||
|
#
|
||||||
|
# location = [<type>:]path[;<option>[=<value>][;...]]
|
||||||
|
#
|
||||||
|
# If the type prefix is omitted, the script location type is 'file' and the
|
||||||
|
# location is interpreted as a local filesystem path pointing to a Sieve script
|
||||||
|
# file or directory. Refer to Pigeonhole wiki or INSTALL file for more
|
||||||
|
# information.
|
||||||
|
|
||||||
|
plugin {
|
||||||
|
# The location of the user's main Sieve script or script storage. The LDA
|
||||||
|
# Sieve plugin uses this to find the active script for Sieve filtering at
|
||||||
|
# delivery. The "include" extension uses this location for retrieving
|
||||||
|
# :personal" scripts. This is also where the ManageSieve service will store
|
||||||
|
# the user's scripts, if supported.
|
||||||
|
#
|
||||||
|
# Currently only the 'file:' location type supports ManageSieve operation.
|
||||||
|
# Other location types like 'dict:' and 'ldap:' can currently only
|
||||||
|
# be used as a read-only script source ().
|
||||||
|
#
|
||||||
|
# For the 'file:' type: use the ';active=' parameter to specify where the
|
||||||
|
# active script symlink is located.
|
||||||
|
# For other types: use the ';name=' parameter to specify the name of the
|
||||||
|
# default/active script.
|
||||||
|
sieve = /mailstore/vmail/%d/%n/sieve/dovecot.sieve
|
||||||
|
sieve_dir = /mailstore/vmail/%d/%n/sieve
|
||||||
|
sieve_global_path = /usr/lib64/dovecot/sieve/default.sieve
|
||||||
|
sieve_global_dir = /usr/lib64/dovecot/sieve/global/
|
||||||
|
|
||||||
|
# The default Sieve script when the user has none. This is the location of a
|
||||||
|
# global sieve script file, which gets executed ONLY if user's personal Sieve
|
||||||
|
# script doesn't exist. Be sure to pre-compile this script manually using the
|
||||||
|
# sievec command line tool if the binary is not stored in a global location.
|
||||||
|
# --> See sieve_before for executing scripts before the user's personal
|
||||||
|
# script.
|
||||||
|
#sieve_default = /var/lib/dovecot/sieve/default.sieve
|
||||||
|
|
||||||
|
# The name by which the default Sieve script (as configured by the
|
||||||
|
# sieve_default setting) is visible to the user through ManageSieve.
|
||||||
|
#sieve_default_name =
|
||||||
|
|
||||||
|
# Location for ":global" include scripts as used by the "include" extension.
|
||||||
|
#sieve_global =
|
||||||
|
|
||||||
|
# The location of a Sieve script that is run for any message that is about to
|
||||||
|
# be discarded; i.e., it is not delivered anywhere by the normal Sieve
|
||||||
|
# execution. This only happens when the "implicit keep" is canceled, by e.g.
|
||||||
|
# the "discard" action, and no actions that deliver the message are executed.
|
||||||
|
# This "discard script" can prevent discarding the message, by executing
|
||||||
|
# alternative actions. If the discard script does nothing, the message is
|
||||||
|
# still discarded as it would be when no discard script is configured.
|
||||||
|
#sieve_discard =
|
||||||
|
|
||||||
|
# Location Sieve of scripts that need to be executed before the user's
|
||||||
|
# personal script. If a 'file' location path points to a directory, all the
|
||||||
|
# Sieve scripts contained therein (with the proper `.sieve' extension) are
|
||||||
|
# executed. The order of execution within that directory is determined by the
|
||||||
|
# file names, using a normal 8bit per-character comparison.
|
||||||
|
#
|
||||||
|
# Multiple script locations can be specified by appending an increasing number
|
||||||
|
# to the setting name. The Sieve scripts found from these locations are added
|
||||||
|
# to the script execution sequence in the specified order. Reading the
|
||||||
|
# numbered sieve_before settings stops at the first missing setting, so no
|
||||||
|
# numbers may be skipped.
|
||||||
|
#sieve_before = /var/lib/dovecot/sieve.d/
|
||||||
|
#sieve_before2 = ldap:/etc/sieve-ldap.conf;name=ldap-domain
|
||||||
|
#sieve_before3 = (etc...)
|
||||||
|
|
||||||
|
# Identical to sieve_before, only the specified scripts are executed after the
|
||||||
|
# user's script (only when keep is still in effect!). Multiple script
|
||||||
|
# locations can be specified by appending an increasing number.
|
||||||
|
#sieve_after =
|
||||||
|
#sieve_after2 =
|
||||||
|
#sieve_after2 = (etc...)
|
||||||
|
|
||||||
|
# Which Sieve language extensions are available to users. By default, all
|
||||||
|
# supported extensions are available, except for deprecated extensions or
|
||||||
|
# those that are still under development. Some system administrators may want
|
||||||
|
# to disable certain Sieve extensions or enable those that are not available
|
||||||
|
# by default. This setting can use '+' and '-' to specify differences relative
|
||||||
|
# to the default. For example `sieve_extensions = +imapflags' will enable the
|
||||||
|
# deprecated imapflags extension in addition to all extensions were already
|
||||||
|
# enabled by default.
|
||||||
|
#sieve_extensions = +notify +imapflags
|
||||||
|
|
||||||
|
# Which Sieve language extensions are ONLY available in global scripts. This
|
||||||
|
# can be used to restrict the use of certain Sieve extensions to administrator
|
||||||
|
# control, for instance when these extensions can cause security concerns.
|
||||||
|
# This setting has higher precedence than the `sieve_extensions' setting
|
||||||
|
# (above), meaning that the extensions enabled with this setting are never
|
||||||
|
# available to the user's personal script no matter what is specified for the
|
||||||
|
# `sieve_extensions' setting. The syntax of this setting is similar to the
|
||||||
|
# `sieve_extensions' setting, with the difference that extensions are
|
||||||
|
# enabled or disabled for exclusive use in global scripts. Currently, no
|
||||||
|
# extensions are marked as such by default.
|
||||||
|
#sieve_global_extensions =
|
||||||
|
|
||||||
|
# The Pigeonhole Sieve interpreter can have plugins of its own. Using this
|
||||||
|
# setting, the used plugins can be specified. Check the Dovecot wiki
|
||||||
|
# (wiki2.dovecot.org) or the pigeonhole website
|
||||||
|
# (http://pigeonhole.dovecot.org) for available plugins.
|
||||||
|
# The sieve_extprograms plugin is included in this release.
|
||||||
|
#sieve_plugins =
|
||||||
|
|
||||||
|
# The separator that is expected between the :user and :detail
|
||||||
|
# address parts introduced by the subaddress extension. This may
|
||||||
|
# also be a sequence of characters (e.g. '--'). The current
|
||||||
|
# implementation looks for the separator from the left of the
|
||||||
|
# localpart and uses the first one encountered. The :user part is
|
||||||
|
# left of the separator and the :detail part is right. This setting
|
||||||
|
# is also used by Dovecot's LMTP service.
|
||||||
|
#recipient_delimiter = +
|
||||||
|
|
||||||
|
# The maximum size of a Sieve script. The compiler will refuse to compile any
|
||||||
|
# script larger than this limit. If set to 0, no limit on the script size is
|
||||||
|
# enforced.
|
||||||
|
#sieve_max_script_size = 1M
|
||||||
|
|
||||||
|
# The maximum number of actions that can be performed during a single script
|
||||||
|
# execution. If set to 0, no limit on the total number of actions is enforced.
|
||||||
|
#sieve_max_actions = 32
|
||||||
|
|
||||||
|
# The maximum number of redirect actions that can be performed during a single
|
||||||
|
# script execution. If set to 0, no redirect actions are allowed.
|
||||||
|
#sieve_max_redirects = 4
|
||||||
|
|
||||||
|
# The maximum number of personal Sieve scripts a single user can have. If set
|
||||||
|
# to 0, no limit on the number of scripts is enforced.
|
||||||
|
# (Currently only relevant for ManageSieve)
|
||||||
|
#sieve_quota_max_scripts = 0
|
||||||
|
|
||||||
|
# The maximum amount of disk storage a single user's scripts may occupy. If
|
||||||
|
# set to 0, no limit on the used amount of disk storage is enforced.
|
||||||
|
# (Currently only relevant for ManageSieve)
|
||||||
|
#sieve_quota_max_storage = 0
|
||||||
|
|
||||||
|
# The primary e-mail address for the user. This is used as a default when no
|
||||||
|
# other appropriate address is available for sending messages. If this setting
|
||||||
|
# is not configured, either the postmaster or null "<>" address is used as a
|
||||||
|
# sender, depending on the action involved. This setting is important when
|
||||||
|
# there is no message envelope to extract addresses from, such as when the
|
||||||
|
# script is executed in IMAP.
|
||||||
|
#sieve_user_email =
|
||||||
|
|
||||||
|
# The path to the file where the user log is written. If not configured, a
|
||||||
|
# default location is used. If the main user's personal Sieve (as configured
|
||||||
|
# with sieve=) is a file, the logfile is set to <filename>.log by default. If
|
||||||
|
# it is not a file, the default user log file is ~/.dovecot.sieve.log.
|
||||||
|
#sieve_user_log =
|
||||||
|
|
||||||
|
# Specifies what envelope sender address is used for redirected messages.
|
||||||
|
# The following values are supported for this setting:
|
||||||
|
#
|
||||||
|
# "sender" - The sender address is used (default).
|
||||||
|
# "recipient" - The final recipient address is used.
|
||||||
|
# "orig_recipient" - The original recipient is used.
|
||||||
|
# "user_email" - The user's primary address is used. This is
|
||||||
|
# configured with the "sieve_user_email" setting. If
|
||||||
|
# that setting is unconfigured, "user_mail" is equal to
|
||||||
|
# "recipient".
|
||||||
|
# "postmaster" - The postmaster_address configured for the LDA.
|
||||||
|
# "<user@domain>" - Redirected messages are always sent from user@domain.
|
||||||
|
# The angle brackets are mandatory. The null "<>" address
|
||||||
|
# is also supported.
|
||||||
|
#
|
||||||
|
# This setting is ignored when the envelope sender is "<>". In that case the
|
||||||
|
# sender of the redirected message is also always "<>".
|
||||||
|
#sieve_redirect_envelope_from = sender
|
||||||
|
|
||||||
|
## TRACE DEBUGGING
|
||||||
|
# Trace debugging provides detailed insight in the operations performed by
|
||||||
|
# the Sieve script. These settings apply to both the LDA Sieve plugin and the
|
||||||
|
# IMAPSIEVE plugin.
|
||||||
|
#
|
||||||
|
# WARNING: On a busy server, this functionality can quickly fill up the trace
|
||||||
|
# directory with a lot of trace files. Enable this only temporarily and as
|
||||||
|
# selective as possible.
|
||||||
|
|
||||||
|
# The directory where trace files are written. Trace debugging is disabled if
|
||||||
|
# this setting is not configured or if the directory does not exist. If the
|
||||||
|
# path is relative or it starts with "~/" it is interpreted relative to the
|
||||||
|
# current user's home directory.
|
||||||
|
#sieve_trace_dir =
|
||||||
|
|
||||||
|
# The verbosity level of the trace messages. Trace debugging is disabled if
|
||||||
|
# this setting is not configured. Possible values are:
|
||||||
|
#
|
||||||
|
# "actions" - Only print executed action commands, like keep,
|
||||||
|
# fileinto, reject and redirect.
|
||||||
|
# "commands" - Print any executed command, excluding test commands.
|
||||||
|
# "tests" - Print all executed commands and performed tests.
|
||||||
|
# "matching" - Print all executed commands, performed tests and the
|
||||||
|
# values matched in those tests.
|
||||||
|
#sieve_trace_level =
|
||||||
|
|
||||||
|
# Enables highly verbose debugging messages that are usually only useful for
|
||||||
|
# developers.
|
||||||
|
#sieve_trace_debug = no
|
||||||
|
|
||||||
|
# Enables showing byte code addresses in the trace output, rather than only
|
||||||
|
# the source line numbers.
|
||||||
|
#sieve_trace_addresses = no
|
||||||
|
}
|
214
dovecot/conf.d/90-sieve.conf_original
Normal file
214
dovecot/conf.d/90-sieve.conf_original
Normal file
|
@ -0,0 +1,214 @@
|
||||||
|
##
|
||||||
|
## Settings for the Sieve interpreter
|
||||||
|
##
|
||||||
|
|
||||||
|
# Do not forget to enable the Sieve plugin in 15-lda.conf and 20-lmtp.conf
|
||||||
|
# by adding it to the respective mail_plugins= settings.
|
||||||
|
|
||||||
|
# The Sieve interpreter can retrieve Sieve scripts from several types of
|
||||||
|
# locations. The default `file' location type is a local filesystem path
|
||||||
|
# pointing to a Sieve script file or a directory containing multiple Sieve
|
||||||
|
# script files. More complex setups can use other location types such as
|
||||||
|
# `ldap' or `dict' to fetch Sieve scripts from remote databases.
|
||||||
|
#
|
||||||
|
# All settings that specify the location of one ore more Sieve scripts accept
|
||||||
|
# the following syntax:
|
||||||
|
#
|
||||||
|
# location = [<type>:]path[;<option>[=<value>][;...]]
|
||||||
|
#
|
||||||
|
# If the type prefix is omitted, the script location type is 'file' and the
|
||||||
|
# location is interpreted as a local filesystem path pointing to a Sieve script
|
||||||
|
# file or directory. Refer to Pigeonhole wiki or INSTALL file for more
|
||||||
|
# information.
|
||||||
|
|
||||||
|
plugin {
|
||||||
|
# The location of the user's main Sieve script or script storage. The LDA
|
||||||
|
# Sieve plugin uses this to find the active script for Sieve filtering at
|
||||||
|
# delivery. The "include" extension uses this location for retrieving
|
||||||
|
# :personal" scripts. This is also where the ManageSieve service will store
|
||||||
|
# the user's scripts, if supported.
|
||||||
|
#
|
||||||
|
# Currently only the 'file:' location type supports ManageSieve operation.
|
||||||
|
# Other location types like 'dict:' and 'ldap:' can currently only
|
||||||
|
# be used as a read-only script source ().
|
||||||
|
#
|
||||||
|
# For the 'file:' type: use the ';active=' parameter to specify where the
|
||||||
|
# active script symlink is located.
|
||||||
|
# For other types: use the ';name=' parameter to specify the name of the
|
||||||
|
# default/active script.
|
||||||
|
sieve = file:~/sieve;active=~/.dovecot.sieve
|
||||||
|
|
||||||
|
# The default Sieve script when the user has none. This is the location of a
|
||||||
|
# global sieve script file, which gets executed ONLY if user's personal Sieve
|
||||||
|
# script doesn't exist. Be sure to pre-compile this script manually using the
|
||||||
|
# sievec command line tool if the binary is not stored in a global location.
|
||||||
|
# --> See sieve_before for executing scripts before the user's personal
|
||||||
|
# script.
|
||||||
|
#sieve_default = /var/lib/dovecot/sieve/default.sieve
|
||||||
|
|
||||||
|
# The name by which the default Sieve script (as configured by the
|
||||||
|
# sieve_default setting) is visible to the user through ManageSieve.
|
||||||
|
#sieve_default_name =
|
||||||
|
|
||||||
|
# Location for ":global" include scripts as used by the "include" extension.
|
||||||
|
#sieve_global =
|
||||||
|
|
||||||
|
# The location of a Sieve script that is run for any message that is about to
|
||||||
|
# be discarded; i.e., it is not delivered anywhere by the normal Sieve
|
||||||
|
# execution. This only happens when the "implicit keep" is canceled, by e.g.
|
||||||
|
# the "discard" action, and no actions that deliver the message are executed.
|
||||||
|
# This "discard script" can prevent discarding the message, by executing
|
||||||
|
# alternative actions. If the discard script does nothing, the message is
|
||||||
|
# still discarded as it would be when no discard script is configured.
|
||||||
|
#sieve_discard =
|
||||||
|
|
||||||
|
# Location Sieve of scripts that need to be executed before the user's
|
||||||
|
# personal script. If a 'file' location path points to a directory, all the
|
||||||
|
# Sieve scripts contained therein (with the proper `.sieve' extension) are
|
||||||
|
# executed. The order of execution within that directory is determined by the
|
||||||
|
# file names, using a normal 8bit per-character comparison.
|
||||||
|
#
|
||||||
|
# Multiple script locations can be specified by appending an increasing number
|
||||||
|
# to the setting name. The Sieve scripts found from these locations are added
|
||||||
|
# to the script execution sequence in the specified order. Reading the
|
||||||
|
# numbered sieve_before settings stops at the first missing setting, so no
|
||||||
|
# numbers may be skipped.
|
||||||
|
#sieve_before = /var/lib/dovecot/sieve.d/
|
||||||
|
#sieve_before2 = ldap:/etc/sieve-ldap.conf;name=ldap-domain
|
||||||
|
#sieve_before3 = (etc...)
|
||||||
|
|
||||||
|
# Identical to sieve_before, only the specified scripts are executed after the
|
||||||
|
# user's script (only when keep is still in effect!). Multiple script
|
||||||
|
# locations can be specified by appending an increasing number.
|
||||||
|
#sieve_after =
|
||||||
|
#sieve_after2 =
|
||||||
|
#sieve_after2 = (etc...)
|
||||||
|
|
||||||
|
# Which Sieve language extensions are available to users. By default, all
|
||||||
|
# supported extensions are available, except for deprecated extensions or
|
||||||
|
# those that are still under development. Some system administrators may want
|
||||||
|
# to disable certain Sieve extensions or enable those that are not available
|
||||||
|
# by default. This setting can use '+' and '-' to specify differences relative
|
||||||
|
# to the default. For example `sieve_extensions = +imapflags' will enable the
|
||||||
|
# deprecated imapflags extension in addition to all extensions were already
|
||||||
|
# enabled by default.
|
||||||
|
#sieve_extensions = +notify +imapflags
|
||||||
|
|
||||||
|
# Which Sieve language extensions are ONLY available in global scripts. This
|
||||||
|
# can be used to restrict the use of certain Sieve extensions to administrator
|
||||||
|
# control, for instance when these extensions can cause security concerns.
|
||||||
|
# This setting has higher precedence than the `sieve_extensions' setting
|
||||||
|
# (above), meaning that the extensions enabled with this setting are never
|
||||||
|
# available to the user's personal script no matter what is specified for the
|
||||||
|
# `sieve_extensions' setting. The syntax of this setting is similar to the
|
||||||
|
# `sieve_extensions' setting, with the difference that extensions are
|
||||||
|
# enabled or disabled for exclusive use in global scripts. Currently, no
|
||||||
|
# extensions are marked as such by default.
|
||||||
|
#sieve_global_extensions =
|
||||||
|
|
||||||
|
# The Pigeonhole Sieve interpreter can have plugins of its own. Using this
|
||||||
|
# setting, the used plugins can be specified. Check the Dovecot wiki
|
||||||
|
# (wiki2.dovecot.org) or the pigeonhole website
|
||||||
|
# (http://pigeonhole.dovecot.org) for available plugins.
|
||||||
|
# The sieve_extprograms plugin is included in this release.
|
||||||
|
#sieve_plugins =
|
||||||
|
|
||||||
|
# The separator that is expected between the :user and :detail
|
||||||
|
# address parts introduced by the subaddress extension. This may
|
||||||
|
# also be a sequence of characters (e.g. '--'). The current
|
||||||
|
# implementation looks for the separator from the left of the
|
||||||
|
# localpart and uses the first one encountered. The :user part is
|
||||||
|
# left of the separator and the :detail part is right. This setting
|
||||||
|
# is also used by Dovecot's LMTP service.
|
||||||
|
#recipient_delimiter = +
|
||||||
|
|
||||||
|
# The maximum size of a Sieve script. The compiler will refuse to compile any
|
||||||
|
# script larger than this limit. If set to 0, no limit on the script size is
|
||||||
|
# enforced.
|
||||||
|
#sieve_max_script_size = 1M
|
||||||
|
|
||||||
|
# The maximum number of actions that can be performed during a single script
|
||||||
|
# execution. If set to 0, no limit on the total number of actions is enforced.
|
||||||
|
#sieve_max_actions = 32
|
||||||
|
|
||||||
|
# The maximum number of redirect actions that can be performed during a single
|
||||||
|
# script execution. If set to 0, no redirect actions are allowed.
|
||||||
|
#sieve_max_redirects = 4
|
||||||
|
|
||||||
|
# The maximum number of personal Sieve scripts a single user can have. If set
|
||||||
|
# to 0, no limit on the number of scripts is enforced.
|
||||||
|
# (Currently only relevant for ManageSieve)
|
||||||
|
#sieve_quota_max_scripts = 0
|
||||||
|
|
||||||
|
# The maximum amount of disk storage a single user's scripts may occupy. If
|
||||||
|
# set to 0, no limit on the used amount of disk storage is enforced.
|
||||||
|
# (Currently only relevant for ManageSieve)
|
||||||
|
#sieve_quota_max_storage = 0
|
||||||
|
|
||||||
|
# The primary e-mail address for the user. This is used as a default when no
|
||||||
|
# other appropriate address is available for sending messages. If this setting
|
||||||
|
# is not configured, either the postmaster or null "<>" address is used as a
|
||||||
|
# sender, depending on the action involved. This setting is important when
|
||||||
|
# there is no message envelope to extract addresses from, such as when the
|
||||||
|
# script is executed in IMAP.
|
||||||
|
#sieve_user_email =
|
||||||
|
|
||||||
|
# The path to the file where the user log is written. If not configured, a
|
||||||
|
# default location is used. If the main user's personal Sieve (as configured
|
||||||
|
# with sieve=) is a file, the logfile is set to <filename>.log by default. If
|
||||||
|
# it is not a file, the default user log file is ~/.dovecot.sieve.log.
|
||||||
|
#sieve_user_log =
|
||||||
|
|
||||||
|
# Specifies what envelope sender address is used for redirected messages.
|
||||||
|
# The following values are supported for this setting:
|
||||||
|
#
|
||||||
|
# "sender" - The sender address is used (default).
|
||||||
|
# "recipient" - The final recipient address is used.
|
||||||
|
# "orig_recipient" - The original recipient is used.
|
||||||
|
# "user_email" - The user's primary address is used. This is
|
||||||
|
# configured with the "sieve_user_email" setting. If
|
||||||
|
# that setting is unconfigured, "user_mail" is equal to
|
||||||
|
# "recipient".
|
||||||
|
# "postmaster" - The postmaster_address configured for the LDA.
|
||||||
|
# "<user@domain>" - Redirected messages are always sent from user@domain.
|
||||||
|
# The angle brackets are mandatory. The null "<>" address
|
||||||
|
# is also supported.
|
||||||
|
#
|
||||||
|
# This setting is ignored when the envelope sender is "<>". In that case the
|
||||||
|
# sender of the redirected message is also always "<>".
|
||||||
|
#sieve_redirect_envelope_from = sender
|
||||||
|
|
||||||
|
## TRACE DEBUGGING
|
||||||
|
# Trace debugging provides detailed insight in the operations performed by
|
||||||
|
# the Sieve script. These settings apply to both the LDA Sieve plugin and the
|
||||||
|
# IMAPSIEVE plugin.
|
||||||
|
#
|
||||||
|
# WARNING: On a busy server, this functionality can quickly fill up the trace
|
||||||
|
# directory with a lot of trace files. Enable this only temporarily and as
|
||||||
|
# selective as possible.
|
||||||
|
|
||||||
|
# The directory where trace files are written. Trace debugging is disabled if
|
||||||
|
# this setting is not configured or if the directory does not exist. If the
|
||||||
|
# path is relative or it starts with "~/" it is interpreted relative to the
|
||||||
|
# current user's home directory.
|
||||||
|
#sieve_trace_dir =
|
||||||
|
|
||||||
|
# The verbosity level of the trace messages. Trace debugging is disabled if
|
||||||
|
# this setting is not configured. Possible values are:
|
||||||
|
#
|
||||||
|
# "actions" - Only print executed action commands, like keep,
|
||||||
|
# fileinto, reject and redirect.
|
||||||
|
# "commands" - Print any executed command, excluding test commands.
|
||||||
|
# "tests" - Print all executed commands and performed tests.
|
||||||
|
# "matching" - Print all executed commands, performed tests and the
|
||||||
|
# values matched in those tests.
|
||||||
|
#sieve_trace_level =
|
||||||
|
|
||||||
|
# Enables highly verbose debugging messages that are usually only useful for
|
||||||
|
# developers.
|
||||||
|
#sieve_trace_debug = no
|
||||||
|
|
||||||
|
# Enables showing byte code addresses in the trace output, rather than only
|
||||||
|
# the source line numbers.
|
||||||
|
#sieve_trace_addresses = no
|
||||||
|
}
|
21
dovecot/conf.d/auth-checkpassword.conf.ext
Normal file
21
dovecot/conf.d/auth-checkpassword.conf.ext
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
# Authentication for checkpassword users. Included from 10-auth.conf.
|
||||||
|
#
|
||||||
|
# <doc/wiki/AuthDatabase.CheckPassword.txt>
|
||||||
|
|
||||||
|
passdb {
|
||||||
|
driver = checkpassword
|
||||||
|
args = /usr/bin/checkpassword
|
||||||
|
}
|
||||||
|
|
||||||
|
# passdb lookup should return also userdb info
|
||||||
|
userdb {
|
||||||
|
driver = prefetch
|
||||||
|
}
|
||||||
|
|
||||||
|
# Standard checkpassword doesn't support direct userdb lookups.
|
||||||
|
# If you need checkpassword userdb, the checkpassword must support
|
||||||
|
# Dovecot-specific extensions.
|
||||||
|
#userdb {
|
||||||
|
# driver = checkpassword
|
||||||
|
# args = /usr/bin/checkpassword
|
||||||
|
#}
|
15
dovecot/conf.d/auth-deny.conf.ext
Normal file
15
dovecot/conf.d/auth-deny.conf.ext
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
# Deny access for users. Included from 10-auth.conf.
|
||||||
|
|
||||||
|
# Users can be (temporarily) disabled by adding a passdb with deny=yes.
|
||||||
|
# If the user is found from that database, authentication will fail.
|
||||||
|
# The deny passdb should always be specified before others, so it gets
|
||||||
|
# checked first.
|
||||||
|
|
||||||
|
# Example deny passdb using passwd-file. You can use any passdb though.
|
||||||
|
passdb {
|
||||||
|
driver = passwd-file
|
||||||
|
deny = yes
|
||||||
|
|
||||||
|
# File contains a list of usernames, one per line
|
||||||
|
args = /etc/dovecot/deny-users
|
||||||
|
}
|
16
dovecot/conf.d/auth-dict.conf.ext
Normal file
16
dovecot/conf.d/auth-dict.conf.ext
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
# Authentication via dict backend. Included from 10-auth.conf.
|
||||||
|
#
|
||||||
|
# <doc/wiki/AuthDatabase.Dict.txt>
|
||||||
|
|
||||||
|
passdb {
|
||||||
|
driver = dict
|
||||||
|
|
||||||
|
# Path for dict configuration file, see
|
||||||
|
# example-config/dovecot-dict-auth.conf.ext
|
||||||
|
args = /etc/dovecot/dovecot-dict-auth.conf.ext
|
||||||
|
}
|
||||||
|
|
||||||
|
userdb {
|
||||||
|
driver = dict
|
||||||
|
args = /etc/dovecot/dovecot-dict-auth.conf.ext
|
||||||
|
}
|
33
dovecot/conf.d/auth-ldap.conf.ext
Normal file
33
dovecot/conf.d/auth-ldap.conf.ext
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
# Authentication for LDAP users. Included from 10-auth.conf.
|
||||||
|
#
|
||||||
|
# <doc/wiki/AuthDatabase.LDAP.txt>
|
||||||
|
|
||||||
|
passdb {
|
||||||
|
driver = ldap
|
||||||
|
|
||||||
|
# Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext
|
||||||
|
args = /etc/dovecot/dovecot-ldap.conf.ext
|
||||||
|
}
|
||||||
|
|
||||||
|
# "prefetch" user database means that the passdb already provided the
|
||||||
|
# needed information and there's no need to do a separate userdb lookup.
|
||||||
|
# <doc/wiki/UserDatabase.Prefetch.txt>
|
||||||
|
#userdb {
|
||||||
|
# driver = prefetch
|
||||||
|
#}
|
||||||
|
|
||||||
|
userdb {
|
||||||
|
driver = ldap
|
||||||
|
args = /etc/dovecot/dovecot-ldap.conf.ext
|
||||||
|
|
||||||
|
# Default fields can be used to specify defaults that LDAP may override
|
||||||
|
#default_fields = home=/home/virtual/%u
|
||||||
|
}
|
||||||
|
|
||||||
|
# If you don't have any user-specific settings, you can avoid the userdb LDAP
|
||||||
|
# lookup by using userdb static instead of userdb ldap, for example:
|
||||||
|
# <doc/wiki/UserDatabase.Static.txt>
|
||||||
|
#userdb {
|
||||||
|
#driver = static
|
||||||
|
#args = uid=vmail gid=vmail home=/var/vmail/%u
|
||||||
|
#}
|
16
dovecot/conf.d/auth-master.conf.ext
Normal file
16
dovecot/conf.d/auth-master.conf.ext
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
# Authentication for master users. Included from 10-auth.conf.
|
||||||
|
|
||||||
|
# By adding master=yes setting inside a passdb you make the passdb a list
|
||||||
|
# of "master users", who can log in as anyone else.
|
||||||
|
# <doc/wiki/Authentication.MasterUsers.txt>
|
||||||
|
|
||||||
|
# Example master user passdb using passwd-file. You can use any passdb though.
|
||||||
|
passdb {
|
||||||
|
driver = passwd-file
|
||||||
|
master = yes
|
||||||
|
args = /etc/dovecot/master-users
|
||||||
|
|
||||||
|
# Unless you're using PAM, you probably still want the destination user to
|
||||||
|
# be looked up from passdb that it really exists. pass=yes does that.
|
||||||
|
pass = yes
|
||||||
|
}
|
20
dovecot/conf.d/auth-passwdfile.conf.ext
Normal file
20
dovecot/conf.d/auth-passwdfile.conf.ext
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
# Authentication for passwd-file users. Included from 10-auth.conf.
|
||||||
|
#
|
||||||
|
# passwd-like file with specified location.
|
||||||
|
# <doc/wiki/AuthDatabase.PasswdFile.txt>
|
||||||
|
|
||||||
|
passdb {
|
||||||
|
driver = passwd-file
|
||||||
|
args = scheme=CRYPT username_format=%u /etc/dovecot/users
|
||||||
|
}
|
||||||
|
|
||||||
|
userdb {
|
||||||
|
driver = passwd-file
|
||||||
|
args = username_format=%u /etc/dovecot/users
|
||||||
|
|
||||||
|
# Default fields that can be overridden by passwd-file
|
||||||
|
#default_fields = quota_rule=*:storage=1G
|
||||||
|
|
||||||
|
# Override fields from passwd-file
|
||||||
|
#override_fields = home=/home/virtual/%u
|
||||||
|
}
|
30
dovecot/conf.d/auth-sql.conf.ext
Normal file
30
dovecot/conf.d/auth-sql.conf.ext
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
# Authentication for SQL users. Included from 10-auth.conf.
|
||||||
|
#
|
||||||
|
# <doc/wiki/AuthDatabase.SQL.txt>
|
||||||
|
|
||||||
|
passdb {
|
||||||
|
driver = sql
|
||||||
|
|
||||||
|
# Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
|
||||||
|
args = /etc/dovecot/dovecot-sql.conf.ext
|
||||||
|
}
|
||||||
|
|
||||||
|
# "prefetch" user database means that the passdb already provided the
|
||||||
|
# needed information and there's no need to do a separate userdb lookup.
|
||||||
|
# <doc/wiki/UserDatabase.Prefetch.txt>
|
||||||
|
#userdb {
|
||||||
|
# driver = prefetch
|
||||||
|
#}
|
||||||
|
|
||||||
|
userdb {
|
||||||
|
driver = sql
|
||||||
|
args = /etc/dovecot/dovecot-sql.conf.ext
|
||||||
|
}
|
||||||
|
|
||||||
|
# If you don't have any user-specific settings, you can avoid the user_query
|
||||||
|
# by using userdb static instead of userdb sql, for example:
|
||||||
|
# <doc/wiki/UserDatabase.Static.txt>
|
||||||
|
#userdb {
|
||||||
|
#driver = static
|
||||||
|
#args = uid=vmail gid=vmail home=/var/vmail/%u
|
||||||
|
#}
|
24
dovecot/conf.d/auth-static.conf.ext
Normal file
24
dovecot/conf.d/auth-static.conf.ext
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
# Static passdb. Included from 10-auth.conf.
|
||||||
|
|
||||||
|
# This can be used for situations where Dovecot doesn't need to verify the
|
||||||
|
# username or the password, or if there is a single password for all users:
|
||||||
|
#
|
||||||
|
# - proxy frontend, where the backend verifies the password
|
||||||
|
# - proxy backend, where the frontend already verified the password
|
||||||
|
# - authentication with SSL certificates
|
||||||
|
# - simple testing
|
||||||
|
|
||||||
|
#passdb {
|
||||||
|
# driver = static
|
||||||
|
# args = proxy=y host=%1Mu.example.com nopassword=y
|
||||||
|
#}
|
||||||
|
|
||||||
|
#passdb {
|
||||||
|
# driver = static
|
||||||
|
# args = password=test
|
||||||
|
#}
|
||||||
|
|
||||||
|
#userdb {
|
||||||
|
# driver = static
|
||||||
|
# args = uid=vmail gid=vmail home=/home/%u
|
||||||
|
#}
|
74
dovecot/conf.d/auth-system.conf.ext
Normal file
74
dovecot/conf.d/auth-system.conf.ext
Normal file
|
@ -0,0 +1,74 @@
|
||||||
|
# Authentication for system users. Included from 10-auth.conf.
|
||||||
|
#
|
||||||
|
# <doc/wiki/PasswordDatabase.txt>
|
||||||
|
# <doc/wiki/UserDatabase.txt>
|
||||||
|
|
||||||
|
# PAM authentication. Preferred nowadays by most systems.
|
||||||
|
# PAM is typically used with either userdb passwd or userdb static.
|
||||||
|
# REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
|
||||||
|
# authentication to actually work. <doc/wiki/PasswordDatabase.PAM.txt>
|
||||||
|
passdb {
|
||||||
|
driver = pam
|
||||||
|
# [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
|
||||||
|
# [cache_key=<key>] [<service name>]
|
||||||
|
#args = dovecot
|
||||||
|
}
|
||||||
|
|
||||||
|
# System users (NSS, /etc/passwd, or similiar).
|
||||||
|
# In many systems nowadays this uses Name Service Switch, which is
|
||||||
|
# configured in /etc/nsswitch.conf. <doc/wiki/AuthDatabase.Passwd.txt>
|
||||||
|
#passdb {
|
||||||
|
#driver = passwd
|
||||||
|
# [blocking=no]
|
||||||
|
#args =
|
||||||
|
#}
|
||||||
|
|
||||||
|
# Shadow passwords for system users (NSS, /etc/shadow or similiar).
|
||||||
|
# Deprecated by PAM nowadays.
|
||||||
|
# <doc/wiki/PasswordDatabase.Shadow.txt>
|
||||||
|
#passdb {
|
||||||
|
#driver = shadow
|
||||||
|
# [blocking=no]
|
||||||
|
#args =
|
||||||
|
#}
|
||||||
|
|
||||||
|
# PAM-like authentication for OpenBSD.
|
||||||
|
# <doc/wiki/PasswordDatabase.BSDAuth.txt>
|
||||||
|
#passdb {
|
||||||
|
#driver = bsdauth
|
||||||
|
# [blocking=no] [cache_key=<key>]
|
||||||
|
#args =
|
||||||
|
#}
|
||||||
|
|
||||||
|
##
|
||||||
|
## User databases
|
||||||
|
##
|
||||||
|
|
||||||
|
# System users (NSS, /etc/passwd, or similiar). In many systems nowadays this
|
||||||
|
# uses Name Service Switch, which is configured in /etc/nsswitch.conf.
|
||||||
|
userdb {
|
||||||
|
# <doc/wiki/AuthDatabase.Passwd.txt>
|
||||||
|
driver = passwd
|
||||||
|
# [blocking=no]
|
||||||
|
#args =
|
||||||
|
|
||||||
|
# Override fields from passwd
|
||||||
|
#override_fields = home=/home/virtual/%u
|
||||||
|
}
|
||||||
|
|
||||||
|
# Static settings generated from template <doc/wiki/UserDatabase.Static.txt>
|
||||||
|
#userdb {
|
||||||
|
#driver = static
|
||||||
|
# Can return anything a userdb could normally return. For example:
|
||||||
|
#
|
||||||
|
# args = uid=500 gid=500 home=/var/mail/%u
|
||||||
|
#
|
||||||
|
# LDA and LMTP needs to look up users only from the userdb. This of course
|
||||||
|
# doesn't work with static userdb because there is no list of users.
|
||||||
|
# Normally static userdb handles this by doing a passdb lookup. This works
|
||||||
|
# with most passdbs, with PAM being the most notable exception. If you do
|
||||||
|
# the user verification another way, you can add allow_all_users=yes to
|
||||||
|
# the args in which case the passdb lookup is skipped.
|
||||||
|
#
|
||||||
|
#args =
|
||||||
|
#}
|
17
dovecot/conf.d/auth-vpopmail.conf.ext
Normal file
17
dovecot/conf.d/auth-vpopmail.conf.ext
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
# Authentication for vpopmail users. Included from 10-auth.conf.
|
||||||
|
#
|
||||||
|
# <doc/wiki/AuthDatabase.VPopMail.txt>
|
||||||
|
|
||||||
|
passdb {
|
||||||
|
driver = vpopmail
|
||||||
|
|
||||||
|
# [cache_key=<key>] [webmail=<ip>]
|
||||||
|
args =
|
||||||
|
}
|
||||||
|
|
||||||
|
userdb {
|
||||||
|
driver = vpopmail
|
||||||
|
|
||||||
|
# [quota_template=<template>] - %q expands to Maildir++ quota
|
||||||
|
args = quota_template=quota_rule=*:backend=%q
|
||||||
|
}
|
13
dovecot/dovecot-dict-sql.conf.ext
Normal file
13
dovecot/dovecot-dict-sql.conf.ext
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
connect = host=localhost dbname=vmailadmin user=vmailadmin password=STRONGPASSWORD
|
||||||
|
map {
|
||||||
|
pattern = priv/quota/storage
|
||||||
|
table = quota2
|
||||||
|
username_field = username
|
||||||
|
value_field = bytes
|
||||||
|
}
|
||||||
|
map {
|
||||||
|
pattern = priv/quota/messages
|
||||||
|
table = quota2
|
||||||
|
username_field = username
|
||||||
|
value_field = messages
|
||||||
|
}
|
9
dovecot/dovecot-sql.conf.ext
Normal file
9
dovecot/dovecot-sql.conf.ext
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
driver = mysql
|
||||||
|
connect = host=localhost dbname=vmailadmin user=vmailadmin password=STRONGPASSWORD
|
||||||
|
default_pass_scheme = CRAM-MD5
|
||||||
|
password_query = SELECT username AS user,password FROM mailbox WHERE username = '%u' AND active='1'
|
||||||
|
# Without quota.
|
||||||
|
#user_query = SELECT maildir, 2000 AS uid, 12 AS gid FROM mailbox WHERE username = '%u' AND active='1'
|
||||||
|
# If you set quota.
|
||||||
|
user_query = SELECT CONCAT('/mailstore/vmail/', maildir) AS home, 2000 AS uid, 12 AS gid, CONCAT('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active='1'
|
||||||
|
iterate_query = SELECT username AS user FROM mailbox
|
6
dovecot/dovecot-sql.conf.ext_original
Normal file
6
dovecot/dovecot-sql.conf.ext_original
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
driver = mysql
|
||||||
|
connect = host=localhost dbname=vmailadmin user=vmailadmin password=STRONGPASSWORD
|
||||||
|
default_pass_scheme = CRAM-MD5
|
||||||
|
password_query = SELECT username AS user,password FROM mailbox WHERE username = '%u' AND active='1'
|
||||||
|
user_query = SELECT maildir, 2000 AS uid, 12 AS gid FROM mailbox WHERE username = '%u' AND active='1'
|
||||||
|
iterate_query = SELECT username AS user FROM mailbox
|
108
dovecot/dovecot.conf
Normal file
108
dovecot/dovecot.conf
Normal file
|
@ -0,0 +1,108 @@
|
||||||
|
## Dovecot configuration file
|
||||||
|
|
||||||
|
# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration
|
||||||
|
|
||||||
|
# "doveconf -n" command gives a clean output of the changed settings. Use it
|
||||||
|
# instead of copy&pasting files when posting to the Dovecot mailing list.
|
||||||
|
|
||||||
|
# '#' character and everything after it is treated as comments. Extra spaces
|
||||||
|
# and tabs are ignored. If you want to use either of these explicitly, put the
|
||||||
|
# value inside quotes, eg.: key = "# char and trailing whitespace "
|
||||||
|
|
||||||
|
# Most (but not all) settings can be overridden by different protocols and/or
|
||||||
|
# source/destination IPs by placing the settings inside sections, for example:
|
||||||
|
# protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }
|
||||||
|
|
||||||
|
# Default values are shown for each setting, it's not required to uncomment
|
||||||
|
# those. These are exceptions to this though: No sections (e.g. namespace {})
|
||||||
|
# or plugin settings are added by default, they're listed only as examples.
|
||||||
|
# Paths are also just examples with the real defaults being based on configure
|
||||||
|
# options. The paths listed here are for configure --prefix=/usr
|
||||||
|
# --sysconfdir=/etc --localstatedir=/var
|
||||||
|
|
||||||
|
# Protocols we want to be serving.
|
||||||
|
protocols = imap pop3 lmtp
|
||||||
|
|
||||||
|
# A comma separated list of IPs or hosts where to listen in for connections.
|
||||||
|
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
|
||||||
|
# If you want to specify non-default ports or anything more complex,
|
||||||
|
# edit conf.d/master.conf.
|
||||||
|
#listen = *, ::
|
||||||
|
|
||||||
|
# Base directory where to store runtime data.
|
||||||
|
#base_dir = /var/run/dovecot/
|
||||||
|
|
||||||
|
# Name of this instance. In multi-instance setup doveadm and other commands
|
||||||
|
# can use -i <instance_name> to select which instance is used (an alternative
|
||||||
|
# to -c <config_path>). The instance name is also added to Dovecot processes
|
||||||
|
# in ps output.
|
||||||
|
#instance_name = dovecot
|
||||||
|
|
||||||
|
# Greeting message for clients.
|
||||||
|
#login_greeting = Dovecot ready.
|
||||||
|
|
||||||
|
# Space separated list of trusted network ranges. Connections from these
|
||||||
|
# IPs are allowed to override their IP addresses and ports (for logging and
|
||||||
|
# for authentication checks). disable_plaintext_auth is also ignored for
|
||||||
|
# these networks. Typically you'd specify your IMAP proxy servers here.
|
||||||
|
#login_trusted_networks =
|
||||||
|
|
||||||
|
# Space separated list of login access check sockets (e.g. tcpwrap)
|
||||||
|
#login_access_sockets =
|
||||||
|
|
||||||
|
# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
|
||||||
|
# proxying. This isn't necessary normally, but may be useful if the destination
|
||||||
|
# IP is e.g. a load balancer's IP.
|
||||||
|
#auth_proxy_self =
|
||||||
|
|
||||||
|
# Show more verbose process titles (in ps). Currently shows user name and
|
||||||
|
# IP address. Useful for seeing who are actually using the IMAP processes
|
||||||
|
# (eg. shared mailboxes or if same uid is used for multiple accounts).
|
||||||
|
#verbose_proctitle = no
|
||||||
|
|
||||||
|
# Should all processes be killed when Dovecot master process shuts down.
|
||||||
|
# Setting this to "no" means that Dovecot can be upgraded without
|
||||||
|
# forcing existing client connections to close (although that could also be
|
||||||
|
# a problem if the upgrade is e.g. because of a security fix).
|
||||||
|
#shutdown_clients = yes
|
||||||
|
|
||||||
|
# If non-zero, run mail commands via this many connections to doveadm server,
|
||||||
|
# instead of running them directly in the same process.
|
||||||
|
#doveadm_worker_count = 0
|
||||||
|
# UNIX socket or host:port used for connecting to doveadm server
|
||||||
|
#doveadm_socket_path = doveadm-server
|
||||||
|
|
||||||
|
# Space separated list of environment variables that are preserved on Dovecot
|
||||||
|
# startup and passed down to all of its child processes. You can also give
|
||||||
|
# key=value pairs to always set specific settings.
|
||||||
|
#import_environment = TZ
|
||||||
|
|
||||||
|
##
|
||||||
|
## Dictionary server settings
|
||||||
|
##
|
||||||
|
|
||||||
|
# Dictionary can be used to store key=value lists. This is used by several
|
||||||
|
# plugins. The dictionary can be accessed either directly or though a
|
||||||
|
# dictionary server. The following dict block maps dictionary names to URIs
|
||||||
|
# when the server is used. These can then be referenced using URIs in format
|
||||||
|
# "proxy::<name>".
|
||||||
|
|
||||||
|
dict {
|
||||||
|
quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
|
||||||
|
#expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
|
||||||
|
}
|
||||||
|
|
||||||
|
# Most of the actual configuration gets included below. The filenames are
|
||||||
|
# first sorted by their ASCII value and parsed in that order. The 00-prefixes
|
||||||
|
# in filenames are intended to make it easier to understand the ordering.
|
||||||
|
!include conf.d/*.conf
|
||||||
|
|
||||||
|
# A config file can also tried to be included without giving an error if
|
||||||
|
# it's not found:
|
||||||
|
!include_try local.conf
|
||||||
|
auth_verbose = yes
|
||||||
|
auth_verbose_passwords = no
|
||||||
|
auth_debug = no
|
||||||
|
auth_debug_passwords = no
|
||||||
|
mail_debug = no
|
||||||
|
verbose_ssl = no
|
102
dovecot/dovecot.conf_original
Normal file
102
dovecot/dovecot.conf_original
Normal file
|
@ -0,0 +1,102 @@
|
||||||
|
## Dovecot configuration file
|
||||||
|
|
||||||
|
# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration
|
||||||
|
|
||||||
|
# "doveconf -n" command gives a clean output of the changed settings. Use it
|
||||||
|
# instead of copy&pasting files when posting to the Dovecot mailing list.
|
||||||
|
|
||||||
|
# '#' character and everything after it is treated as comments. Extra spaces
|
||||||
|
# and tabs are ignored. If you want to use either of these explicitly, put the
|
||||||
|
# value inside quotes, eg.: key = "# char and trailing whitespace "
|
||||||
|
|
||||||
|
# Most (but not all) settings can be overridden by different protocols and/or
|
||||||
|
# source/destination IPs by placing the settings inside sections, for example:
|
||||||
|
# protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }
|
||||||
|
|
||||||
|
# Default values are shown for each setting, it's not required to uncomment
|
||||||
|
# those. These are exceptions to this though: No sections (e.g. namespace {})
|
||||||
|
# or plugin settings are added by default, they're listed only as examples.
|
||||||
|
# Paths are also just examples with the real defaults being based on configure
|
||||||
|
# options. The paths listed here are for configure --prefix=/usr
|
||||||
|
# --sysconfdir=/etc --localstatedir=/var
|
||||||
|
|
||||||
|
# Protocols we want to be serving.
|
||||||
|
#protocols = imap pop3 lmtp
|
||||||
|
|
||||||
|
# A comma separated list of IPs or hosts where to listen in for connections.
|
||||||
|
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
|
||||||
|
# If you want to specify non-default ports or anything more complex,
|
||||||
|
# edit conf.d/master.conf.
|
||||||
|
#listen = *, ::
|
||||||
|
|
||||||
|
# Base directory where to store runtime data.
|
||||||
|
#base_dir = /var/run/dovecot/
|
||||||
|
|
||||||
|
# Name of this instance. In multi-instance setup doveadm and other commands
|
||||||
|
# can use -i <instance_name> to select which instance is used (an alternative
|
||||||
|
# to -c <config_path>). The instance name is also added to Dovecot processes
|
||||||
|
# in ps output.
|
||||||
|
#instance_name = dovecot
|
||||||
|
|
||||||
|
# Greeting message for clients.
|
||||||
|
#login_greeting = Dovecot ready.
|
||||||
|
|
||||||
|
# Space separated list of trusted network ranges. Connections from these
|
||||||
|
# IPs are allowed to override their IP addresses and ports (for logging and
|
||||||
|
# for authentication checks). disable_plaintext_auth is also ignored for
|
||||||
|
# these networks. Typically you'd specify your IMAP proxy servers here.
|
||||||
|
#login_trusted_networks =
|
||||||
|
|
||||||
|
# Space separated list of login access check sockets (e.g. tcpwrap)
|
||||||
|
#login_access_sockets =
|
||||||
|
|
||||||
|
# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
|
||||||
|
# proxying. This isn't necessary normally, but may be useful if the destination
|
||||||
|
# IP is e.g. a load balancer's IP.
|
||||||
|
#auth_proxy_self =
|
||||||
|
|
||||||
|
# Show more verbose process titles (in ps). Currently shows user name and
|
||||||
|
# IP address. Useful for seeing who are actually using the IMAP processes
|
||||||
|
# (eg. shared mailboxes or if same uid is used for multiple accounts).
|
||||||
|
#verbose_proctitle = no
|
||||||
|
|
||||||
|
# Should all processes be killed when Dovecot master process shuts down.
|
||||||
|
# Setting this to "no" means that Dovecot can be upgraded without
|
||||||
|
# forcing existing client connections to close (although that could also be
|
||||||
|
# a problem if the upgrade is e.g. because of a security fix).
|
||||||
|
#shutdown_clients = yes
|
||||||
|
|
||||||
|
# If non-zero, run mail commands via this many connections to doveadm server,
|
||||||
|
# instead of running them directly in the same process.
|
||||||
|
#doveadm_worker_count = 0
|
||||||
|
# UNIX socket or host:port used for connecting to doveadm server
|
||||||
|
#doveadm_socket_path = doveadm-server
|
||||||
|
|
||||||
|
# Space separated list of environment variables that are preserved on Dovecot
|
||||||
|
# startup and passed down to all of its child processes. You can also give
|
||||||
|
# key=value pairs to always set specific settings.
|
||||||
|
#import_environment = TZ
|
||||||
|
|
||||||
|
##
|
||||||
|
## Dictionary server settings
|
||||||
|
##
|
||||||
|
|
||||||
|
# Dictionary can be used to store key=value lists. This is used by several
|
||||||
|
# plugins. The dictionary can be accessed either directly or though a
|
||||||
|
# dictionary server. The following dict block maps dictionary names to URIs
|
||||||
|
# when the server is used. These can then be referenced using URIs in format
|
||||||
|
# "proxy::<name>".
|
||||||
|
|
||||||
|
dict {
|
||||||
|
#quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
|
||||||
|
#expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
|
||||||
|
}
|
||||||
|
|
||||||
|
# Most of the actual configuration gets included below. The filenames are
|
||||||
|
# first sorted by their ASCII value and parsed in that order. The 00-prefixes
|
||||||
|
# in filenames are intended to make it easier to understand the ordering.
|
||||||
|
!include conf.d/*.conf
|
||||||
|
|
||||||
|
# A config file can also tried to be included without giving an error if
|
||||||
|
# it's not found:
|
||||||
|
!include_try local.conf
|
10
httpd/postfixadmin.conf
Normal file
10
httpd/postfixadmin.conf
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
Listen 8080
|
||||||
|
<VirtualHost *:8080>
|
||||||
|
DocumentRoot /var/www/html/postfixadmin/public/
|
||||||
|
|
||||||
|
<Directory "/var/www/html/postfixadmin/public/">
|
||||||
|
AllowOverride All
|
||||||
|
Require all granted
|
||||||
|
</Directory>
|
||||||
|
|
||||||
|
</VirtualHost>
|
9
httpd/roundcubemail.conf
Normal file
9
httpd/roundcubemail.conf
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
<VirtualHost *:80>
|
||||||
|
DocumentRoot /var/www/html/roundcubemail
|
||||||
|
|
||||||
|
<Directory "/var/www/html/roundcubemail">
|
||||||
|
AllowOverride All
|
||||||
|
Require all granted
|
||||||
|
</Directory>
|
||||||
|
|
||||||
|
</VirtualHost>
|
10
local.cf
Normal file
10
local.cf
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
# These values can be overridden by editing ~/.spamassassin/user_prefs.cf
|
||||||
|
# (see spamassassin(1) for details)
|
||||||
|
|
||||||
|
# These should be safe assumptions and allow for simple visual sifting
|
||||||
|
# without risking lost emails.
|
||||||
|
|
||||||
|
required_hits 5
|
||||||
|
report_safe 0
|
||||||
|
rewrite_header Subject [SPAM]
|
||||||
|
|
476
postfix/access
Normal file
476
postfix/access
Normal file
|
@ -0,0 +1,476 @@
|
||||||
|
# ACCESS(5) ACCESS(5)
|
||||||
|
#
|
||||||
|
# NAME
|
||||||
|
# access - Postfix SMTP server access table
|
||||||
|
#
|
||||||
|
# SYNOPSIS
|
||||||
|
# postmap /etc/postfix/access
|
||||||
|
#
|
||||||
|
# postmap -q "string" /etc/postfix/access
|
||||||
|
#
|
||||||
|
# postmap -q - /etc/postfix/access <inputfile
|
||||||
|
#
|
||||||
|
# DESCRIPTION
|
||||||
|
# This document describes access control on remote SMTP
|
||||||
|
# client information: host names, network addresses, and
|
||||||
|
# envelope sender or recipient addresses; it is implemented
|
||||||
|
# by the Postfix SMTP server. See header_checks(5) or
|
||||||
|
# body_checks(5) for access control on the content of email
|
||||||
|
# messages.
|
||||||
|
#
|
||||||
|
# Normally, the access(5) table is specified as a text file
|
||||||
|
# that serves as input to the postmap(1) command. The
|
||||||
|
# result, an indexed file in dbm or db format, is used for
|
||||||
|
# fast searching by the mail system. Execute the command
|
||||||
|
# "postmap /etc/postfix/access" to rebuild an indexed file
|
||||||
|
# after changing the corresponding text file.
|
||||||
|
#
|
||||||
|
# When the table is provided via other means such as NIS,
|
||||||
|
# LDAP or SQL, the same lookups are done as for ordinary
|
||||||
|
# indexed files.
|
||||||
|
#
|
||||||
|
# Alternatively, the table can be provided as a regular-
|
||||||
|
# expression map where patterns are given as regular expres-
|
||||||
|
# sions, or lookups can be directed to TCP-based server. In
|
||||||
|
# those cases, the lookups are done in a slightly different
|
||||||
|
# way as described below under "REGULAR EXPRESSION TABLES"
|
||||||
|
# or "TCP-BASED TABLES".
|
||||||
|
#
|
||||||
|
# CASE FOLDING
|
||||||
|
# The search string is folded to lowercase before database
|
||||||
|
# lookup. As of Postfix 2.3, the search string is not case
|
||||||
|
# folded with database types such as regexp: or pcre: whose
|
||||||
|
# lookup fields can match both upper and lower case.
|
||||||
|
#
|
||||||
|
# TABLE FORMAT
|
||||||
|
# The input format for the postmap(1) command is as follows:
|
||||||
|
#
|
||||||
|
# pattern action
|
||||||
|
# When pattern matches a mail address, domain or host
|
||||||
|
# address, perform the corresponding action.
|
||||||
|
#
|
||||||
|
# blank lines and comments
|
||||||
|
# Empty lines and whitespace-only lines are ignored,
|
||||||
|
# as are lines whose first non-whitespace character
|
||||||
|
# is a `#'.
|
||||||
|
#
|
||||||
|
# multi-line text
|
||||||
|
# A logical line starts with non-whitespace text. A
|
||||||
|
# line that starts with whitespace continues a logi-
|
||||||
|
# cal line.
|
||||||
|
#
|
||||||
|
# EMAIL ADDRESS PATTERNS
|
||||||
|
# With lookups from indexed files such as DB or DBM, or from
|
||||||
|
# networked tables such as NIS, LDAP or SQL, patterns are
|
||||||
|
# tried in the order as listed below:
|
||||||
|
#
|
||||||
|
# user@domain
|
||||||
|
# Matches the specified mail address.
|
||||||
|
#
|
||||||
|
# domain.tld
|
||||||
|
# Matches domain.tld as the domain part of an email
|
||||||
|
# address.
|
||||||
|
#
|
||||||
|
# The pattern domain.tld also matches subdomains, but
|
||||||
|
# only when the string smtpd_access_maps is listed in
|
||||||
|
# the Postfix parent_domain_matches_subdomains con-
|
||||||
|
# figuration setting.
|
||||||
|
#
|
||||||
|
# .domain.tld
|
||||||
|
# Matches subdomains of domain.tld, but only when the
|
||||||
|
# string smtpd_access_maps is not listed in the Post-
|
||||||
|
# fix parent_domain_matches_subdomains configuration
|
||||||
|
# setting.
|
||||||
|
#
|
||||||
|
# user@ Matches all mail addresses with the specified user
|
||||||
|
# part.
|
||||||
|
#
|
||||||
|
# Note: lookup of the null sender address is not possible
|
||||||
|
# with some types of lookup table. By default, Postfix uses
|
||||||
|
# <> as the lookup key for such addresses. The value is
|
||||||
|
# specified with the smtpd_null_access_lookup_key parameter
|
||||||
|
# in the Postfix main.cf file.
|
||||||
|
#
|
||||||
|
# EMAIL ADDRESS EXTENSION
|
||||||
|
# When a mail address localpart contains the optional recip-
|
||||||
|
# ient delimiter (e.g., user+foo@domain), the lookup order
|
||||||
|
# becomes: user+foo@domain, user@domain, domain, user+foo@,
|
||||||
|
# and user@.
|
||||||
|
#
|
||||||
|
# HOST NAME/ADDRESS PATTERNS
|
||||||
|
# With lookups from indexed files such as DB or DBM, or from
|
||||||
|
# networked tables such as NIS, LDAP or SQL, the following
|
||||||
|
# lookup patterns are examined in the order as listed:
|
||||||
|
#
|
||||||
|
# domain.tld
|
||||||
|
# Matches domain.tld.
|
||||||
|
#
|
||||||
|
# The pattern domain.tld also matches subdomains, but
|
||||||
|
# only when the string smtpd_access_maps is listed in
|
||||||
|
# the Postfix parent_domain_matches_subdomains con-
|
||||||
|
# figuration setting.
|
||||||
|
#
|
||||||
|
# .domain.tld
|
||||||
|
# Matches subdomains of domain.tld, but only when the
|
||||||
|
# string smtpd_access_maps is not listed in the Post-
|
||||||
|
# fix parent_domain_matches_subdomains configuration
|
||||||
|
# setting.
|
||||||
|
#
|
||||||
|
# net.work.addr.ess
|
||||||
|
#
|
||||||
|
# net.work.addr
|
||||||
|
#
|
||||||
|
# net.work
|
||||||
|
#
|
||||||
|
# net Matches the specified IPv4 host address or subnet-
|
||||||
|
# work. An IPv4 host address is a sequence of four
|
||||||
|
# decimal octets separated by ".".
|
||||||
|
#
|
||||||
|
# Subnetworks are matched by repeatedly truncating
|
||||||
|
# the last ".octet" from the remote IPv4 host address
|
||||||
|
# string until a match is found in the access table,
|
||||||
|
# or until further truncation is not possible.
|
||||||
|
#
|
||||||
|
# NOTE 1: The access map lookup key must be in canon-
|
||||||
|
# ical form: do not specify unnecessary null charac-
|
||||||
|
# ters, and do not enclose network address informa-
|
||||||
|
# tion with "[]" characters.
|
||||||
|
#
|
||||||
|
# NOTE 2: use the cidr lookup table type to specify
|
||||||
|
# network/netmask patterns. See cidr_table(5) for
|
||||||
|
# details.
|
||||||
|
#
|
||||||
|
# net:work:addr:ess
|
||||||
|
#
|
||||||
|
# net:work:addr
|
||||||
|
#
|
||||||
|
# net:work
|
||||||
|
#
|
||||||
|
# net Matches the specified IPv6 host address or subnet-
|
||||||
|
# work. An IPv6 host address is a sequence of three
|
||||||
|
# to eight hexadecimal octet pairs separated by ":".
|
||||||
|
#
|
||||||
|
# Subnetworks are matched by repeatedly truncating
|
||||||
|
# the last ":octetpair" from the remote IPv6 host
|
||||||
|
# address string until a match is found in the access
|
||||||
|
# table, or until further truncation is not possible.
|
||||||
|
#
|
||||||
|
# NOTE 1: the truncation and comparison are done with
|
||||||
|
# the string representation of the IPv6 host address.
|
||||||
|
# Thus, not all the ":" subnetworks will be tried.
|
||||||
|
#
|
||||||
|
# NOTE 2: The access map lookup key must be in canon-
|
||||||
|
# ical form: do not specify unnecessary null charac-
|
||||||
|
# ters, and do not enclose network address informa-
|
||||||
|
# tion with "[]" characters.
|
||||||
|
#
|
||||||
|
# NOTE 3: use the cidr lookup table type to specify
|
||||||
|
# network/netmask patterns. See cidr_table(5) for
|
||||||
|
# details.
|
||||||
|
#
|
||||||
|
# IPv6 support is available in Postfix 2.2 and later.
|
||||||
|
#
|
||||||
|
# ACCEPT ACTIONS
|
||||||
|
# OK Accept the address etc. that matches the pattern.
|
||||||
|
#
|
||||||
|
# all-numerical
|
||||||
|
# An all-numerical result is treated as OK. This for-
|
||||||
|
# mat is generated by address-based relay authoriza-
|
||||||
|
# tion schemes such as pop-before-smtp.
|
||||||
|
#
|
||||||
|
# REJECT ACTIONS
|
||||||
|
# Postfix version 2.3 and later support enhanced status
|
||||||
|
# codes as defined in RFC 3463. When no code is specified
|
||||||
|
# at the beginning of the text below, Postfix inserts a
|
||||||
|
# default enhanced status code of "5.7.1" in the case of
|
||||||
|
# reject actions, and "4.7.1" in the case of defer actions.
|
||||||
|
# See "ENHANCED STATUS CODES" below.
|
||||||
|
#
|
||||||
|
# 4NN text
|
||||||
|
#
|
||||||
|
# 5NN text
|
||||||
|
# Reject the address etc. that matches the pattern,
|
||||||
|
# and respond with the numerical three-digit code and
|
||||||
|
# text. 4NN means "try again later", while 5NN means
|
||||||
|
# "do not try again".
|
||||||
|
#
|
||||||
|
# The following responses have special meaning for
|
||||||
|
# the Postfix SMTP server:
|
||||||
|
#
|
||||||
|
# 421 text (Postfix 2.3 and later)
|
||||||
|
#
|
||||||
|
# 521 text (Postfix 2.6 and later)
|
||||||
|
# After responding with the numerical three-
|
||||||
|
# digit code and text, disconnect immediately
|
||||||
|
# from the SMTP client. This frees up SMTP
|
||||||
|
# server resources so that they can be made
|
||||||
|
# available to another SMTP client.
|
||||||
|
#
|
||||||
|
# Note: The "521" response should be used only
|
||||||
|
# with botnets and other malware where inter-
|
||||||
|
# operability is of no concern. The "send 521
|
||||||
|
# and disconnect" behavior is NOT defined in
|
||||||
|
# the SMTP standard.
|
||||||
|
#
|
||||||
|
# REJECT optional text...
|
||||||
|
# Reject the address etc. that matches the pattern.
|
||||||
|
# Reply with "$access_map_reject_code optional
|
||||||
|
# text..." when the optional text is specified, oth-
|
||||||
|
# erwise reply with a generic error response message.
|
||||||
|
#
|
||||||
|
# DEFER optional text...
|
||||||
|
# Reject the address etc. that matches the pattern.
|
||||||
|
# Reply with "$access_map_defer_code optional
|
||||||
|
# text..." when the optional text is specified, oth-
|
||||||
|
# erwise reply with a generic error response message.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.6 and later.
|
||||||
|
#
|
||||||
|
# DEFER_IF_REJECT optional text...
|
||||||
|
# Defer the request if some later restriction would
|
||||||
|
# result in a REJECT action. Reply with
|
||||||
|
# "$access_map_defer_code 4.7.1 optional text..."
|
||||||
|
# when the optional text is specified, otherwise
|
||||||
|
# reply with a generic error response message.
|
||||||
|
#
|
||||||
|
# Prior to Postfix 2.6, the SMTP reply code is 450.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.1 and later.
|
||||||
|
#
|
||||||
|
# DEFER_IF_PERMIT optional text...
|
||||||
|
# Defer the request if some later restriction would
|
||||||
|
# result in a an explicit or implicit PERMIT action.
|
||||||
|
# Reply with "$access_map_defer_code 4.7.1 optional
|
||||||
|
# text..." when the optional text is specified, oth-
|
||||||
|
# erwise reply with a generic error response message.
|
||||||
|
#
|
||||||
|
# Prior to Postfix 2.6, the SMTP reply code is 450.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.1 and later.
|
||||||
|
#
|
||||||
|
# OTHER ACTIONS
|
||||||
|
# restriction...
|
||||||
|
# Apply the named UCE restriction(s) (permit, reject,
|
||||||
|
# reject_unauth_destination, and so on).
|
||||||
|
#
|
||||||
|
# BCC user@domain
|
||||||
|
# Send one copy of the message to the specified
|
||||||
|
# recipient.
|
||||||
|
#
|
||||||
|
# If multiple BCC actions are specified within the
|
||||||
|
# same SMTP MAIL transaction, only the last action
|
||||||
|
# will be used.
|
||||||
|
#
|
||||||
|
# This feature is not part of the stable Postfix
|
||||||
|
# release.
|
||||||
|
#
|
||||||
|
# DISCARD optional text...
|
||||||
|
# Claim successful delivery and silently discard the
|
||||||
|
# message. Log the optional text if specified, oth-
|
||||||
|
# erwise log a generic message.
|
||||||
|
#
|
||||||
|
# Note: this action currently affects all recipients
|
||||||
|
# of the message. To discard only one recipient
|
||||||
|
# without discarding the entire message, use the
|
||||||
|
# transport(5) table to direct mail to the discard(8)
|
||||||
|
# service.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.0 and later.
|
||||||
|
#
|
||||||
|
# DUNNO Pretend that the lookup key was not found. This
|
||||||
|
# prevents Postfix from trying substrings of the
|
||||||
|
# lookup key (such as a subdomain name, or a network
|
||||||
|
# address subnetwork).
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.0 and later.
|
||||||
|
#
|
||||||
|
# FILTER transport:destination
|
||||||
|
# After the message is queued, send the entire mes-
|
||||||
|
# sage through the specified external content filter.
|
||||||
|
# The transport name specifies the first field of a
|
||||||
|
# mail delivery agent definition in master.cf; the
|
||||||
|
# syntax of the next-hop destination is described in
|
||||||
|
# the manual page of the corresponding delivery
|
||||||
|
# agent. More information about external content
|
||||||
|
# filters is in the Postfix FILTER_README file.
|
||||||
|
#
|
||||||
|
# Note 1: do not use $number regular expression sub-
|
||||||
|
# stitutions for transport or destination unless you
|
||||||
|
# know that the information has a trusted origin.
|
||||||
|
#
|
||||||
|
# Note 2: this action overrides the main.cf con-
|
||||||
|
# tent_filter setting, and affects all recipients of
|
||||||
|
# the message. In the case that multiple FILTER
|
||||||
|
# actions fire, only the last one is executed.
|
||||||
|
#
|
||||||
|
# Note 3: the purpose of the FILTER command is to
|
||||||
|
# override message routing. To override the recipi-
|
||||||
|
# ent's transport but not the next-hop destination,
|
||||||
|
# specify an empty filter destination (Postfix 2.7
|
||||||
|
# and later), or specify a transport:destination that
|
||||||
|
# delivers through a different Postfix instance
|
||||||
|
# (Postfix 2.6 and earlier). Other options are using
|
||||||
|
# the recipient-dependent transport_maps or the sen-
|
||||||
|
# der-dependent sender_dependent_default_transport-
|
||||||
|
# _maps features.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.0 and later.
|
||||||
|
#
|
||||||
|
# HOLD optional text...
|
||||||
|
# Place the message on the hold queue, where it will
|
||||||
|
# sit until someone either deletes it or releases it
|
||||||
|
# for delivery. Log the optional text if specified,
|
||||||
|
# otherwise log a generic message.
|
||||||
|
#
|
||||||
|
# Mail that is placed on hold can be examined with
|
||||||
|
# the postcat(1) command, and can be destroyed or
|
||||||
|
# released with the postsuper(1) command.
|
||||||
|
#
|
||||||
|
# Note: use "postsuper -r" to release mail that was
|
||||||
|
# kept on hold for a significant fraction of $maxi-
|
||||||
|
# mal_queue_lifetime or $bounce_queue_lifetime, or
|
||||||
|
# longer. Use "postsuper -H" only for mail that will
|
||||||
|
# not expire within a few delivery attempts.
|
||||||
|
#
|
||||||
|
# Note: this action currently affects all recipients
|
||||||
|
# of the message.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.0 and later.
|
||||||
|
#
|
||||||
|
# PREPEND headername: headervalue
|
||||||
|
# Prepend the specified message header to the mes-
|
||||||
|
# sage. When more than one PREPEND action executes,
|
||||||
|
# the first prepended header appears before the sec-
|
||||||
|
# ond etc. prepended header.
|
||||||
|
#
|
||||||
|
# Note: this action must execute before the message
|
||||||
|
# content is received; it cannot execute in the con-
|
||||||
|
# text of smtpd_end_of_data_restrictions.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.1 and later.
|
||||||
|
#
|
||||||
|
# REDIRECT user@domain
|
||||||
|
# After the message is queued, send the message to
|
||||||
|
# the specified address instead of the intended
|
||||||
|
# recipient(s).
|
||||||
|
#
|
||||||
|
# Note: this action overrides the FILTER action, and
|
||||||
|
# currently affects all recipients of the message.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.1 and later.
|
||||||
|
#
|
||||||
|
# WARN optional text...
|
||||||
|
# Log a warning with the optional text, together with
|
||||||
|
# client information and if available, with helo,
|
||||||
|
# sender, recipient and protocol information.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.1 and later.
|
||||||
|
#
|
||||||
|
# ENHANCED STATUS CODES
|
||||||
|
# Postfix version 2.3 and later support enhanced status
|
||||||
|
# codes as defined in RFC 3463. When an enhanced status
|
||||||
|
# code is specified in an access table, it is subject to
|
||||||
|
# modification. The following transformations are needed
|
||||||
|
# when the same access table is used for client, helo,
|
||||||
|
# sender, or recipient access restrictions; they happen
|
||||||
|
# regardless of whether Postfix replies to a MAIL FROM, RCPT
|
||||||
|
# TO or other SMTP command.
|
||||||
|
#
|
||||||
|
# o When a sender address matches a REJECT action, the
|
||||||
|
# Postfix SMTP server will transform a recipient DSN
|
||||||
|
# status (e.g., 4.1.1-4.1.6) into the corresponding
|
||||||
|
# sender DSN status, and vice versa.
|
||||||
|
#
|
||||||
|
# o When non-address information matches a REJECT
|
||||||
|
# action (such as the HELO command argument or the
|
||||||
|
# client hostname/address), the Postfix SMTP server
|
||||||
|
# will transform a sender or recipient DSN status
|
||||||
|
# into a generic non-address DSN status (e.g.,
|
||||||
|
# 4.0.0).
|
||||||
|
#
|
||||||
|
# REGULAR EXPRESSION TABLES
|
||||||
|
# This section describes how the table lookups change when
|
||||||
|
# the table is given in the form of regular expressions. For
|
||||||
|
# a description of regular expression lookup table syntax,
|
||||||
|
# see regexp_table(5) or pcre_table(5).
|
||||||
|
#
|
||||||
|
# Each pattern is a regular expression that is applied to
|
||||||
|
# the entire string being looked up. Depending on the appli-
|
||||||
|
# cation, that string is an entire client hostname, an
|
||||||
|
# entire client IP address, or an entire mail address. Thus,
|
||||||
|
# no parent domain or parent network search is done,
|
||||||
|
# user@domain mail addresses are not broken up into their
|
||||||
|
# user@ and domain constituent parts, nor is user+foo broken
|
||||||
|
# up into user and foo.
|
||||||
|
#
|
||||||
|
# Patterns are applied in the order as specified in the ta-
|
||||||
|
# ble, until a pattern is found that matches the search
|
||||||
|
# string.
|
||||||
|
#
|
||||||
|
# Actions are the same as with indexed file lookups, with
|
||||||
|
# the additional feature that parenthesized substrings from
|
||||||
|
# the pattern can be interpolated as $1, $2 and so on.
|
||||||
|
#
|
||||||
|
# TCP-BASED TABLES
|
||||||
|
# This section describes how the table lookups change when
|
||||||
|
# lookups are directed to a TCP-based server. For a descrip-
|
||||||
|
# tion of the TCP client/server lookup protocol, see tcp_ta-
|
||||||
|
# ble(5). This feature is not available up to and including
|
||||||
|
# Postfix version 2.4.
|
||||||
|
#
|
||||||
|
# Each lookup operation uses the entire query string once.
|
||||||
|
# Depending on the application, that string is an entire
|
||||||
|
# client hostname, an entire client IP address, or an entire
|
||||||
|
# mail address. Thus, no parent domain or parent network
|
||||||
|
# search is done, user@domain mail addresses are not broken
|
||||||
|
# up into their user@ and domain constituent parts, nor is
|
||||||
|
# user+foo broken up into user and foo.
|
||||||
|
#
|
||||||
|
# Actions are the same as with indexed file lookups.
|
||||||
|
#
|
||||||
|
# EXAMPLE
|
||||||
|
# The following example uses an indexed file, so that the
|
||||||
|
# order of table entries does not matter. The example per-
|
||||||
|
# mits access by the client at address 1.2.3.4 but rejects
|
||||||
|
# all other clients in 1.2.3.0/24. Instead of hash lookup
|
||||||
|
# tables, some systems use dbm. Use the command "postconf
|
||||||
|
# -m" to find out what lookup tables Postfix supports on
|
||||||
|
# your system.
|
||||||
|
#
|
||||||
|
# /etc/postfix/main.cf:
|
||||||
|
# smtpd_client_restrictions =
|
||||||
|
# check_client_access hash:/etc/postfix/access
|
||||||
|
#
|
||||||
|
# /etc/postfix/access:
|
||||||
|
# 1.2.3 REJECT
|
||||||
|
# 1.2.3.4 OK
|
||||||
|
#
|
||||||
|
# Execute the command "postmap /etc/postfix/access" after
|
||||||
|
# editing the file.
|
||||||
|
#
|
||||||
|
# BUGS
|
||||||
|
# The table format does not understand quoting conventions.
|
||||||
|
#
|
||||||
|
# SEE ALSO
|
||||||
|
# postmap(1), Postfix lookup table manager
|
||||||
|
# smtpd(8), SMTP server
|
||||||
|
# postconf(5), configuration parameters
|
||||||
|
# transport(5), transport:nexthop syntax
|
||||||
|
#
|
||||||
|
# README FILES
|
||||||
|
# Use "postconf readme_directory" or "postconf html_direc-
|
||||||
|
# tory" to locate this information.
|
||||||
|
# SMTPD_ACCESS_README, built-in SMTP server access control
|
||||||
|
# DATABASE_README, Postfix lookup table overview
|
||||||
|
#
|
||||||
|
# LICENSE
|
||||||
|
# The Secure Mailer license must be distributed with this
|
||||||
|
# software.
|
||||||
|
#
|
||||||
|
# AUTHOR(S)
|
||||||
|
# Wietse Venema
|
||||||
|
# IBM T.J. Watson Research
|
||||||
|
# P.O. Box 704
|
||||||
|
# Yorktown Heights, NY 10598, USA
|
||||||
|
#
|
||||||
|
# ACCESS(5)
|
283
postfix/canonical
Normal file
283
postfix/canonical
Normal file
|
@ -0,0 +1,283 @@
|
||||||
|
# CANONICAL(5) CANONICAL(5)
|
||||||
|
#
|
||||||
|
# NAME
|
||||||
|
# canonical - Postfix canonical table format
|
||||||
|
#
|
||||||
|
# SYNOPSIS
|
||||||
|
# postmap /etc/postfix/canonical
|
||||||
|
#
|
||||||
|
# postmap -q "string" /etc/postfix/canonical
|
||||||
|
#
|
||||||
|
# postmap -q - /etc/postfix/canonical <inputfile
|
||||||
|
#
|
||||||
|
# DESCRIPTION
|
||||||
|
# The optional canonical(5) table specifies an address map-
|
||||||
|
# ping for local and non-local addresses. The mapping is
|
||||||
|
# used by the cleanup(8) daemon, before mail is stored into
|
||||||
|
# the queue. The address mapping is recursive.
|
||||||
|
#
|
||||||
|
# Normally, the canonical(5) table is specified as a text
|
||||||
|
# file that serves as input to the postmap(1) command. The
|
||||||
|
# result, an indexed file in dbm or db format, is used for
|
||||||
|
# fast searching by the mail system. Execute the command
|
||||||
|
# "postmap /etc/postfix/canonical" to rebuild an indexed
|
||||||
|
# file after changing the corresponding text file.
|
||||||
|
#
|
||||||
|
# When the table is provided via other means such as NIS,
|
||||||
|
# LDAP or SQL, the same lookups are done as for ordinary
|
||||||
|
# indexed files.
|
||||||
|
#
|
||||||
|
# Alternatively, the table can be provided as a regular-
|
||||||
|
# expression map where patterns are given as regular expres-
|
||||||
|
# sions, or lookups can be directed to TCP-based server. In
|
||||||
|
# those cases, the lookups are done in a slightly different
|
||||||
|
# way as described below under "REGULAR EXPRESSION TABLES"
|
||||||
|
# or "TCP-BASED TABLES".
|
||||||
|
#
|
||||||
|
# By default the canonical(5) mapping affects both message
|
||||||
|
# header addresses (i.e. addresses that appear inside mes-
|
||||||
|
# sages) and message envelope addresses (for example, the
|
||||||
|
# addresses that are used in SMTP protocol commands). This
|
||||||
|
# is controlled with the canonical_classes parameter.
|
||||||
|
#
|
||||||
|
# NOTE: Postfix versions 2.2 and later rewrite message head-
|
||||||
|
# ers from remote SMTP clients only if the client matches
|
||||||
|
# the local_header_rewrite_clients parameter, or if the
|
||||||
|
# remote_header_rewrite_domain configuration parameter spec-
|
||||||
|
# ifies a non-empty value. To get the behavior before Post-
|
||||||
|
# fix 2.2, specify "local_header_rewrite_clients =
|
||||||
|
# static:all".
|
||||||
|
#
|
||||||
|
# Typically, one would use the canonical(5) table to replace
|
||||||
|
# login names by Firstname.Lastname, or to clean up
|
||||||
|
# addresses produced by legacy mail systems.
|
||||||
|
#
|
||||||
|
# The canonical(5) mapping is not to be confused with vir-
|
||||||
|
# tual alias support or with local aliasing. To change the
|
||||||
|
# destination but not the headers, use the virtual(5) or
|
||||||
|
# aliases(5) map instead.
|
||||||
|
#
|
||||||
|
# CASE FOLDING
|
||||||
|
# The search string is folded to lowercase before database
|
||||||
|
# lookup. As of Postfix 2.3, the search string is not case
|
||||||
|
# folded with database types such as regexp: or pcre: whose
|
||||||
|
# lookup fields can match both upper and lower case.
|
||||||
|
#
|
||||||
|
# TABLE FORMAT
|
||||||
|
# The input format for the postmap(1) command is as follows:
|
||||||
|
#
|
||||||
|
# pattern result
|
||||||
|
# When pattern matches a mail address, replace it by
|
||||||
|
# the corresponding result.
|
||||||
|
#
|
||||||
|
# blank lines and comments
|
||||||
|
# Empty lines and whitespace-only lines are ignored,
|
||||||
|
# as are lines whose first non-whitespace character
|
||||||
|
# is a `#'.
|
||||||
|
#
|
||||||
|
# multi-line text
|
||||||
|
# A logical line starts with non-whitespace text. A
|
||||||
|
# line that starts with whitespace continues a logi-
|
||||||
|
# cal line.
|
||||||
|
#
|
||||||
|
# TABLE SEARCH ORDER
|
||||||
|
# With lookups from indexed files such as DB or DBM, or from
|
||||||
|
# networked tables such as NIS, LDAP or SQL, each
|
||||||
|
# user@domain query produces a sequence of query patterns as
|
||||||
|
# described below.
|
||||||
|
#
|
||||||
|
# Each query pattern is sent to each specified lookup table
|
||||||
|
# before trying the next query pattern, until a match is
|
||||||
|
# found.
|
||||||
|
#
|
||||||
|
# user@domain address
|
||||||
|
# Replace user@domain by address. This form has the
|
||||||
|
# highest precedence.
|
||||||
|
#
|
||||||
|
# This is useful to clean up addresses produced by
|
||||||
|
# legacy mail systems. It can also be used to pro-
|
||||||
|
# duce Firstname.Lastname style addresses, but see
|
||||||
|
# below for a simpler solution.
|
||||||
|
#
|
||||||
|
# user address
|
||||||
|
# Replace user@site by address when site is equal to
|
||||||
|
# $myorigin, when site is listed in $mydestination,
|
||||||
|
# or when it is listed in $inet_interfaces or
|
||||||
|
# $proxy_interfaces.
|
||||||
|
#
|
||||||
|
# This form is useful for replacing login names by
|
||||||
|
# Firstname.Lastname.
|
||||||
|
#
|
||||||
|
# @domain address
|
||||||
|
# Replace other addresses in domain by address. This
|
||||||
|
# form has the lowest precedence.
|
||||||
|
#
|
||||||
|
# Note: @domain is a wild-card. When this form is
|
||||||
|
# applied to recipient addresses, the Postfix SMTP
|
||||||
|
# server accepts mail for any recipient in domain,
|
||||||
|
# regardless of whether that recipient exists. This
|
||||||
|
# may turn your mail system into a backscatter
|
||||||
|
# source: Postfix first accepts mail for non-existent
|
||||||
|
# recipients and then tries to return that mail as
|
||||||
|
# "undeliverable" to the often forged sender address.
|
||||||
|
#
|
||||||
|
# RESULT ADDRESS REWRITING
|
||||||
|
# The lookup result is subject to address rewriting:
|
||||||
|
#
|
||||||
|
# o When the result has the form @otherdomain, the
|
||||||
|
# result becomes the same user in otherdomain.
|
||||||
|
#
|
||||||
|
# o When "append_at_myorigin=yes", append "@$myorigin"
|
||||||
|
# to addresses without "@domain".
|
||||||
|
#
|
||||||
|
# o When "append_dot_mydomain=yes", append ".$mydomain"
|
||||||
|
# to addresses without ".domain".
|
||||||
|
#
|
||||||
|
# ADDRESS EXTENSION
|
||||||
|
# When a mail address localpart contains the optional recip-
|
||||||
|
# ient delimiter (e.g., user+foo@domain), the lookup order
|
||||||
|
# becomes: user+foo@domain, user@domain, user+foo, user, and
|
||||||
|
# @domain.
|
||||||
|
#
|
||||||
|
# The propagate_unmatched_extensions parameter controls
|
||||||
|
# whether an unmatched address extension (+foo) is propa-
|
||||||
|
# gated to the result of table lookup.
|
||||||
|
#
|
||||||
|
# REGULAR EXPRESSION TABLES
|
||||||
|
# This section describes how the table lookups change when
|
||||||
|
# the table is given in the form of regular expressions. For
|
||||||
|
# a description of regular expression lookup table syntax,
|
||||||
|
# see regexp_table(5) or pcre_table(5).
|
||||||
|
#
|
||||||
|
# Each pattern is a regular expression that is applied to
|
||||||
|
# the entire address being looked up. Thus, user@domain mail
|
||||||
|
# addresses are not broken up into their user and @domain
|
||||||
|
# constituent parts, nor is user+foo broken up into user and
|
||||||
|
# foo.
|
||||||
|
#
|
||||||
|
# Patterns are applied in the order as specified in the ta-
|
||||||
|
# ble, until a pattern is found that matches the search
|
||||||
|
# string.
|
||||||
|
#
|
||||||
|
# Results are the same as with indexed file lookups, with
|
||||||
|
# the additional feature that parenthesized substrings from
|
||||||
|
# the pattern can be interpolated as $1, $2 and so on.
|
||||||
|
#
|
||||||
|
# TCP-BASED TABLES
|
||||||
|
# This section describes how the table lookups change when
|
||||||
|
# lookups are directed to a TCP-based server. For a descrip-
|
||||||
|
# tion of the TCP client/server lookup protocol, see tcp_ta-
|
||||||
|
# ble(5). This feature is not available up to and including
|
||||||
|
# Postfix version 2.4.
|
||||||
|
#
|
||||||
|
# Each lookup operation uses the entire address once. Thus,
|
||||||
|
# user@domain mail addresses are not broken up into their
|
||||||
|
# user and @domain constituent parts, nor is user+foo broken
|
||||||
|
# up into user and foo.
|
||||||
|
#
|
||||||
|
# Results are the same as with indexed file lookups.
|
||||||
|
#
|
||||||
|
# BUGS
|
||||||
|
# The table format does not understand quoting conventions.
|
||||||
|
#
|
||||||
|
# CONFIGURATION PARAMETERS
|
||||||
|
# The following main.cf parameters are especially relevant.
|
||||||
|
# The text below provides only a parameter summary. See
|
||||||
|
# postconf(5) for more details including examples.
|
||||||
|
#
|
||||||
|
# canonical_classes
|
||||||
|
# What addresses are subject to canonical address
|
||||||
|
# mapping.
|
||||||
|
#
|
||||||
|
# canonical_maps
|
||||||
|
# List of canonical mapping tables.
|
||||||
|
#
|
||||||
|
# recipient_canonical_maps
|
||||||
|
# Address mapping lookup table for envelope and
|
||||||
|
# header recipient addresses.
|
||||||
|
#
|
||||||
|
# sender_canonical_maps
|
||||||
|
# Address mapping lookup table for envelope and
|
||||||
|
# header sender addresses.
|
||||||
|
#
|
||||||
|
# propagate_unmatched_extensions
|
||||||
|
# A list of address rewriting or forwarding mecha-
|
||||||
|
# nisms that propagate an address extension from the
|
||||||
|
# original address to the result. Specify zero or
|
||||||
|
# more of canonical, virtual, alias, forward,
|
||||||
|
# include, or generic.
|
||||||
|
#
|
||||||
|
# Other parameters of interest:
|
||||||
|
#
|
||||||
|
# inet_interfaces
|
||||||
|
# The network interface addresses that this system
|
||||||
|
# receives mail on. You need to stop and start Post-
|
||||||
|
# fix when this parameter changes.
|
||||||
|
#
|
||||||
|
# local_header_rewrite_clients
|
||||||
|
# Rewrite message header addresses in mail from these
|
||||||
|
# clients and update incomplete addresses with the
|
||||||
|
# domain name in $myorigin or $mydomain; either don't
|
||||||
|
# rewrite message headers from other clients at all,
|
||||||
|
# or rewrite message headers and update incomplete
|
||||||
|
# addresses with the domain specified in the
|
||||||
|
# remote_header_rewrite_domain parameter.
|
||||||
|
#
|
||||||
|
# proxy_interfaces
|
||||||
|
# Other interfaces that this machine receives mail on
|
||||||
|
# by way of a proxy agent or network address transla-
|
||||||
|
# tor.
|
||||||
|
#
|
||||||
|
# masquerade_classes
|
||||||
|
# List of address classes subject to masquerading:
|
||||||
|
# zero or more of envelope_sender, envelope_recipi-
|
||||||
|
# ent, header_sender, header_recipient.
|
||||||
|
#
|
||||||
|
# masquerade_domains
|
||||||
|
# List of domains that hide their subdomain struc-
|
||||||
|
# ture.
|
||||||
|
#
|
||||||
|
# masquerade_exceptions
|
||||||
|
# List of user names that are not subject to address
|
||||||
|
# masquerading.
|
||||||
|
#
|
||||||
|
# mydestination
|
||||||
|
# List of domains that this mail system considers
|
||||||
|
# local.
|
||||||
|
#
|
||||||
|
# myorigin
|
||||||
|
# The domain that is appended to locally-posted mail.
|
||||||
|
#
|
||||||
|
# owner_request_special
|
||||||
|
# Give special treatment to owner-xxx and xxx-request
|
||||||
|
# addresses.
|
||||||
|
#
|
||||||
|
# remote_header_rewrite_domain
|
||||||
|
# Don't rewrite message headers from remote clients
|
||||||
|
# at all when this parameter is empty; otherwise, re-
|
||||||
|
# write message headers and append the specified
|
||||||
|
# domain name to incomplete addresses.
|
||||||
|
#
|
||||||
|
# SEE ALSO
|
||||||
|
# cleanup(8), canonicalize and enqueue mail
|
||||||
|
# postmap(1), Postfix lookup table manager
|
||||||
|
# postconf(5), configuration parameters
|
||||||
|
# virtual(5), virtual aliasing
|
||||||
|
#
|
||||||
|
# README FILES
|
||||||
|
# Use "postconf readme_directory" or "postconf html_direc-
|
||||||
|
# tory" to locate this information.
|
||||||
|
# DATABASE_README, Postfix lookup table overview
|
||||||
|
# ADDRESS_REWRITING_README, address rewriting guide
|
||||||
|
#
|
||||||
|
# LICENSE
|
||||||
|
# The Secure Mailer license must be distributed with this
|
||||||
|
# software.
|
||||||
|
#
|
||||||
|
# AUTHOR(S)
|
||||||
|
# Wietse Venema
|
||||||
|
# IBM T.J. Watson Research
|
||||||
|
# P.O. Box 704
|
||||||
|
# Yorktown Heights, NY 10598, USA
|
||||||
|
#
|
||||||
|
# CANONICAL(5)
|
245
postfix/generic
Normal file
245
postfix/generic
Normal file
|
@ -0,0 +1,245 @@
|
||||||
|
# GENERIC(5) GENERIC(5)
|
||||||
|
#
|
||||||
|
# NAME
|
||||||
|
# generic - Postfix generic table format
|
||||||
|
#
|
||||||
|
# SYNOPSIS
|
||||||
|
# postmap /etc/postfix/generic
|
||||||
|
#
|
||||||
|
# postmap -q "string" /etc/postfix/generic
|
||||||
|
#
|
||||||
|
# postmap -q - /etc/postfix/generic <inputfile
|
||||||
|
#
|
||||||
|
# DESCRIPTION
|
||||||
|
# The optional generic(5) table specifies an address mapping
|
||||||
|
# that applies when mail is delivered. This is the opposite
|
||||||
|
# of canonical(5) mapping, which applies when mail is
|
||||||
|
# received.
|
||||||
|
#
|
||||||
|
# Typically, one would use the generic(5) table on a system
|
||||||
|
# that does not have a valid Internet domain name and that
|
||||||
|
# uses something like localdomain.local instead. The
|
||||||
|
# generic(5) table is then used by the smtp(8) client to
|
||||||
|
# transform local mail addresses into valid Internet mail
|
||||||
|
# addresses when mail has to be sent across the Internet.
|
||||||
|
# See the EXAMPLE section at the end of this document.
|
||||||
|
#
|
||||||
|
# The generic(5) mapping affects both message header
|
||||||
|
# addresses (i.e. addresses that appear inside messages) and
|
||||||
|
# message envelope addresses (for example, the addresses
|
||||||
|
# that are used in SMTP protocol commands).
|
||||||
|
#
|
||||||
|
# Normally, the generic(5) table is specified as a text file
|
||||||
|
# that serves as input to the postmap(1) command. The
|
||||||
|
# result, an indexed file in dbm or db format, is used for
|
||||||
|
# fast searching by the mail system. Execute the command
|
||||||
|
# "postmap /etc/postfix/generic" to rebuild an indexed file
|
||||||
|
# after changing the corresponding text file.
|
||||||
|
#
|
||||||
|
# When the table is provided via other means such as NIS,
|
||||||
|
# LDAP or SQL, the same lookups are done as for ordinary
|
||||||
|
# indexed files.
|
||||||
|
#
|
||||||
|
# Alternatively, the table can be provided as a regular-
|
||||||
|
# expression map where patterns are given as regular expres-
|
||||||
|
# sions, or lookups can be directed to TCP-based server. In
|
||||||
|
# those case, the lookups are done in a slightly different
|
||||||
|
# way as described below under "REGULAR EXPRESSION TABLES"
|
||||||
|
# or "TCP-BASED TABLES".
|
||||||
|
#
|
||||||
|
# CASE FOLDING
|
||||||
|
# The search string is folded to lowercase before database
|
||||||
|
# lookup. As of Postfix 2.3, the search string is not case
|
||||||
|
# folded with database types such as regexp: or pcre: whose
|
||||||
|
# lookup fields can match both upper and lower case.
|
||||||
|
#
|
||||||
|
# TABLE FORMAT
|
||||||
|
# The input format for the postmap(1) command is as follows:
|
||||||
|
#
|
||||||
|
# pattern result
|
||||||
|
# When pattern matches a mail address, replace it by
|
||||||
|
# the corresponding result.
|
||||||
|
#
|
||||||
|
# blank lines and comments
|
||||||
|
# Empty lines and whitespace-only lines are ignored,
|
||||||
|
# as are lines whose first non-whitespace character
|
||||||
|
# is a `#'.
|
||||||
|
#
|
||||||
|
# multi-line text
|
||||||
|
# A logical line starts with non-whitespace text. A
|
||||||
|
# line that starts with whitespace continues a logi-
|
||||||
|
# cal line.
|
||||||
|
#
|
||||||
|
# TABLE SEARCH ORDER
|
||||||
|
# With lookups from indexed files such as DB or DBM, or from
|
||||||
|
# networked tables such as NIS, LDAP or SQL, each
|
||||||
|
# user@domain query produces a sequence of query patterns as
|
||||||
|
# described below.
|
||||||
|
#
|
||||||
|
# Each query pattern is sent to each specified lookup table
|
||||||
|
# before trying the next query pattern, until a match is
|
||||||
|
# found.
|
||||||
|
#
|
||||||
|
# user@domain address
|
||||||
|
# Replace user@domain by address. This form has the
|
||||||
|
# highest precedence.
|
||||||
|
#
|
||||||
|
# user address
|
||||||
|
# Replace user@site by address when site is equal to
|
||||||
|
# $myorigin, when site is listed in $mydestination,
|
||||||
|
# or when it is listed in $inet_interfaces or
|
||||||
|
# $proxy_interfaces.
|
||||||
|
#
|
||||||
|
# @domain address
|
||||||
|
# Replace other addresses in domain by address. This
|
||||||
|
# form has the lowest precedence.
|
||||||
|
#
|
||||||
|
# RESULT ADDRESS REWRITING
|
||||||
|
# The lookup result is subject to address rewriting:
|
||||||
|
#
|
||||||
|
# o When the result has the form @otherdomain, the
|
||||||
|
# result becomes the same user in otherdomain.
|
||||||
|
#
|
||||||
|
# o When "append_at_myorigin=yes", append "@$myorigin"
|
||||||
|
# to addresses without "@domain".
|
||||||
|
#
|
||||||
|
# o When "append_dot_mydomain=yes", append ".$mydomain"
|
||||||
|
# to addresses without ".domain".
|
||||||
|
#
|
||||||
|
# ADDRESS EXTENSION
|
||||||
|
# When a mail address localpart contains the optional recip-
|
||||||
|
# ient delimiter (e.g., user+foo@domain), the lookup order
|
||||||
|
# becomes: user+foo@domain, user@domain, user+foo, user, and
|
||||||
|
# @domain.
|
||||||
|
#
|
||||||
|
# The propagate_unmatched_extensions parameter controls
|
||||||
|
# whether an unmatched address extension (+foo) is propa-
|
||||||
|
# gated to the result of table lookup.
|
||||||
|
#
|
||||||
|
# REGULAR EXPRESSION TABLES
|
||||||
|
# This section describes how the table lookups change when
|
||||||
|
# the table is given in the form of regular expressions. For
|
||||||
|
# a description of regular expression lookup table syntax,
|
||||||
|
# see regexp_table(5) or pcre_table(5).
|
||||||
|
#
|
||||||
|
# Each pattern is a regular expression that is applied to
|
||||||
|
# the entire address being looked up. Thus, user@domain mail
|
||||||
|
# addresses are not broken up into their user and @domain
|
||||||
|
# constituent parts, nor is user+foo broken up into user and
|
||||||
|
# foo.
|
||||||
|
#
|
||||||
|
# Patterns are applied in the order as specified in the ta-
|
||||||
|
# ble, until a pattern is found that matches the search
|
||||||
|
# string.
|
||||||
|
#
|
||||||
|
# Results are the same as with indexed file lookups, with
|
||||||
|
# the additional feature that parenthesized substrings from
|
||||||
|
# the pattern can be interpolated as $1, $2 and so on.
|
||||||
|
#
|
||||||
|
# TCP-BASED TABLES
|
||||||
|
# This section describes how the table lookups change when
|
||||||
|
# lookups are directed to a TCP-based server. For a descrip-
|
||||||
|
# tion of the TCP client/server lookup protocol, see tcp_ta-
|
||||||
|
# ble(5). This feature is not available up to and including
|
||||||
|
# Postfix version 2.4.
|
||||||
|
#
|
||||||
|
# Each lookup operation uses the entire address once. Thus,
|
||||||
|
# user@domain mail addresses are not broken up into their
|
||||||
|
# user and @domain constituent parts, nor is user+foo broken
|
||||||
|
# up into user and foo.
|
||||||
|
#
|
||||||
|
# Results are the same as with indexed file lookups.
|
||||||
|
#
|
||||||
|
# EXAMPLE
|
||||||
|
# The following shows a generic mapping with an indexed
|
||||||
|
# file. When mail is sent to a remote host via SMTP, this
|
||||||
|
# replaces his@localdomain.local by his ISP mail address,
|
||||||
|
# replaces her@localdomain.local by her ISP mail address,
|
||||||
|
# and replaces other local addresses by his ISP account,
|
||||||
|
# with an address extension of +local (this example assumes
|
||||||
|
# that the ISP supports "+" style address extensions).
|
||||||
|
#
|
||||||
|
# /etc/postfix/main.cf:
|
||||||
|
# smtp_generic_maps = hash:/etc/postfix/generic
|
||||||
|
#
|
||||||
|
# /etc/postfix/generic:
|
||||||
|
# his@localdomain.local hisaccount@hisisp.example
|
||||||
|
# her@localdomain.local heraccount@herisp.example
|
||||||
|
# @localdomain.local hisaccount+local@hisisp.example
|
||||||
|
#
|
||||||
|
# Execute the command "postmap /etc/postfix/generic" when-
|
||||||
|
# ever the table is changed. Instead of hash, some systems
|
||||||
|
# use dbm database files. To find out what tables your sys-
|
||||||
|
# tem supports use the command "postconf -m".
|
||||||
|
#
|
||||||
|
# BUGS
|
||||||
|
# The table format does not understand quoting conventions.
|
||||||
|
#
|
||||||
|
# CONFIGURATION PARAMETERS
|
||||||
|
# The following main.cf parameters are especially relevant.
|
||||||
|
# The text below provides only a parameter summary. See
|
||||||
|
# postconf(5) for more details including examples.
|
||||||
|
#
|
||||||
|
# smtp_generic_maps
|
||||||
|
# Address mapping lookup table for envelope and
|
||||||
|
# header sender and recipient addresses while deliv-
|
||||||
|
# ering mail via SMTP.
|
||||||
|
#
|
||||||
|
# propagate_unmatched_extensions
|
||||||
|
# A list of address rewriting or forwarding mecha-
|
||||||
|
# nisms that propagate an address extension from the
|
||||||
|
# original address to the result. Specify zero or
|
||||||
|
# more of canonical, virtual, alias, forward,
|
||||||
|
# include, or generic.
|
||||||
|
#
|
||||||
|
# Other parameters of interest:
|
||||||
|
#
|
||||||
|
# inet_interfaces
|
||||||
|
# The network interface addresses that this system
|
||||||
|
# receives mail on. You need to stop and start Post-
|
||||||
|
# fix when this parameter changes.
|
||||||
|
#
|
||||||
|
# proxy_interfaces
|
||||||
|
# Other interfaces that this machine receives mail on
|
||||||
|
# by way of a proxy agent or network address transla-
|
||||||
|
# tor.
|
||||||
|
#
|
||||||
|
# mydestination
|
||||||
|
# List of domains that this mail system considers
|
||||||
|
# local.
|
||||||
|
#
|
||||||
|
# myorigin
|
||||||
|
# The domain that is appended to locally-posted mail.
|
||||||
|
#
|
||||||
|
# owner_request_special
|
||||||
|
# Give special treatment to owner-xxx and xxx-request
|
||||||
|
# addresses.
|
||||||
|
#
|
||||||
|
# SEE ALSO
|
||||||
|
# postmap(1), Postfix lookup table manager
|
||||||
|
# postconf(5), configuration parameters
|
||||||
|
# smtp(8), Postfix SMTP client
|
||||||
|
#
|
||||||
|
# README FILES
|
||||||
|
# Use "postconf readme_directory" or "postconf html_direc-
|
||||||
|
# tory" to locate this information.
|
||||||
|
# ADDRESS_REWRITING_README, address rewriting guide
|
||||||
|
# DATABASE_README, Postfix lookup table overview
|
||||||
|
# STANDARD_CONFIGURATION_README, configuration examples
|
||||||
|
#
|
||||||
|
# LICENSE
|
||||||
|
# The Secure Mailer license must be distributed with this
|
||||||
|
# software.
|
||||||
|
#
|
||||||
|
# HISTORY
|
||||||
|
# A genericstable feature appears in the Sendmail MTA.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.2 and later.
|
||||||
|
#
|
||||||
|
# AUTHOR(S)
|
||||||
|
# Wietse Venema
|
||||||
|
# IBM T.J. Watson Research
|
||||||
|
# P.O. Box 704
|
||||||
|
# Yorktown Heights, NY 10598, USA
|
||||||
|
#
|
||||||
|
# GENERIC(5)
|
33
postfix/groots_in.crt
Normal file
33
postfix/groots_in.crt
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIFsTCCBJmgAwIBAgIRAOeBUXsR9uC7cBgK65Zwr50wDQYJKoZIhvcNAQELBQAw
|
||||||
|
gY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
|
||||||
|
BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE3MDUGA1UE
|
||||||
|
AxMuU2VjdGlnbyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
|
||||||
|
QTAeFw0yMDEwMjkwMDAwMDBaFw0yMTEwMjkyMzU5NTlaMBYxFDASBgNVBAMMCyou
|
||||||
|
Z3Jvb3RzLmluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0573bHsM
|
||||||
|
aG3UW5FPM5kXOOebbBHFMZUquUOzb8HeFp6uqZKYKSlqsJBFrTxRpm1iQrr4YO/u
|
||||||
|
MjIv0W9ZdGxBFf3RX3mKQl9WItcpYXs61lnoOH2EWtFZ6u3H3Dk11HCA7KZ23r5e
|
||||||
|
9e5EEwyVfjBJvzNnLOBY3lgeiIitRM4RGGAswfNwyCkYZd8bs5ElRrnK8YoHVbcK
|
||||||
|
1tzQdfvA+KPK/1YV0kC7ImhNmvbgmSxyqz9MN2EdFs7HnYQQg8cDVQVh7iQpZOp2
|
||||||
|
C7z8JK9zKY5Ga2aYstY89qIrqDenZHDViZRRgpLUUtaEtXYkI39OILZ6zbYcVHzX
|
||||||
|
8bYBDHVcStJ0WQIDAQABo4ICfjCCAnowHwYDVR0jBBgwFoAUjYxexFStiuF36Zv5
|
||||||
|
mwXhuAGNYeEwHQYDVR0OBBYEFE61j/d2LrwbZ6YPClsL4971d3IdMA4GA1UdDwEB
|
||||||
|
/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
|
||||||
|
BQcDAjBJBgNVHSAEQjBAMDQGCysGAQQBsjEBAgIHMCUwIwYIKwYBBQUHAgEWF2h0
|
||||||
|
dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAECATCBhAYIKwYBBQUHAQEEeDB2
|
||||||
|
ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29SU0FE
|
||||||
|
b21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCMGCCsGAQUFBzABhhdo
|
||||||
|
dHRwOi8vb2NzcC5zZWN0aWdvLmNvbTAhBgNVHREEGjAYggsqLmdyb290cy5pboIJ
|
||||||
|
Z3Jvb3RzLmluMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYAfT7y+I//iFVoJMLA
|
||||||
|
yp5SiXkrxQ54CX8uapdomX4i8NcAAAF1dFuMzwAABAMARzBFAiAFuUbzv1eU4nDU
|
||||||
|
5dcmatwN5wl9SfvLV670SIA4DCwtwgIhAL0GP6U9aT3vordCgTBafJHuXWcO3azv
|
||||||
|
KylUKhVvvYS9AHYAlCC8Ho7VjWyIcx+CiyIsDdHaTV5sT5Q9YdtOL1hNosIAAAF1
|
||||||
|
dFuM+AAABAMARzBFAiBMPafYTYDwgJP+wBQAAtUY1eq5NN/R8lfjW0pweqU8cwIh
|
||||||
|
ALM1bKuKDPcLn+uvd4hZFa20Fqu4PCXfaKWHBjw08g+dMA0GCSqGSIb3DQEBCwUA
|
||||||
|
A4IBAQB+x5PX9X4xBWDLmmmTaZ4yIpIdnJKhC7n0SyHoV6Rd+EDxUEYc3yd+5P1A
|
||||||
|
ds5P768YzHAw04w04o6yFnGatfud1n31fNKRuBesM3Y7/UyYIJEL/l01VH6W4n/v
|
||||||
|
1kSlZzjzC7htgheHYHm11zIXkEyChXX8WwM/tauFHNTriGbJ69TCR40GrhplY8g9
|
||||||
|
GLKGAFv97OQDsl8ai2LAXZw5qgNf7HfvnmZd94vSJPYUHBlbYsWwx6Y30yhlMrxA
|
||||||
|
50uM0X0sjMxefXkTfpCLt9EMZTbPMCvR/8R9hv96AE9cg8buRG1CTAIylGyZ/qTF
|
||||||
|
lyqZA9Y4BB9/Lwg8DhXViQifBmsU
|
||||||
|
-----END CERTIFICATE-----
|
28
postfix/groots_in.key
Normal file
28
postfix/groots_in.key
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
-----BEGIN PRIVATE KEY-----
|
||||||
|
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDTnvdsewxobdRb
|
||||||
|
kU8zmRc455tsEcUxlSq5Q7Nvwd4Wnq6pkpgpKWqwkEWtPFGmbWJCuvhg7+4yMi/R
|
||||||
|
b1l0bEEV/dFfeYpCX1Yi1ylhezrWWeg4fYRa0Vnq7cfcOTXUcIDspnbevl717kQT
|
||||||
|
DJV+MEm/M2cs4FjeWB6IiK1EzhEYYCzB83DIKRhl3xuzkSVGucrxigdVtwrW3NB1
|
||||||
|
+8D4o8r/VhXSQLsiaE2a9uCZLHKrP0w3YR0WzsedhBCDxwNVBWHuJClk6nYLvPwk
|
||||||
|
r3MpjkZrZpiy1jz2oiuoN6dkcNWJlFGCktRS1oS1diQjf04gtnrNthxUfNfxtgEM
|
||||||
|
dVxK0nRZAgMBAAECggEBALL92jkfOrd5bgylM2BpNIMlIwidXzU4/hIFeVglmjt3
|
||||||
|
rDQxkhH+vgbpgIWuZ0Flc58NldgoGEjMujVjAT6/8a0wKk+e9Zp+GNUPOCkDmhiD
|
||||||
|
oy9kuvY17OAQjuNuYGF3ZxTDF/f+/UL2bQ3PrwI0xau7RqFmgMRPtEO3lxaDVWJP
|
||||||
|
K7U9gvWXhESVVtFJzgAhlQCo5DXvO7LTzzcCV4wwMOKf+zKLCGbLt0pqnZ5f0u0q
|
||||||
|
y5vYyCVm+v3LxY6W21PtWP46q4UfxCkFjd+WDjrVIenFk5e5nEPSriMKYltVyFvd
|
||||||
|
HoSsYPLwaTfWRxuXPFke47XmqQtRu6yAyVDdD4iPgAECgYEA+s/SQBaZeih8YKzO
|
||||||
|
rd0p71zd7cjXvsWN0JKymQquxAOKyTke5iVyex9g4WZdUiWSUFNLDAMkFxgMFj4K
|
||||||
|
79PXrfEl+2Y6A/2+gv0H/JSimlwmUq5D7/43SNWVY2acBbtQvSgowv1XCpMp4aNV
|
||||||
|
jkSk1/pxxaT9DzZGlHUIU5NGJgECgYEA1/+b/5PrMvdUDBe3DanZpwhvMKWlsMX6
|
||||||
|
RcbnZzAqdwc+UpvWX9LJIEzNozwhnzACEUCKzFQRZeetYuSeqH7ifrIDH1QFC9ug
|
||||||
|
5MrTxZGK/79pqlbTmmJrw4DCPG2XwnXmgEh7aAy+osYLrsf+fFt7NLQcQcPOhWMv
|
||||||
|
7H3UaFg7PlkCgYEA6v2qFQfXln+2QPHH11hfAPh2qmJB2WjI/UFk+kTrB5X2A6B0
|
||||||
|
FdfCEh+NKsI4701qb74Kk1+iAc0zDeflYVyPOFa3ansWIkUsqRef0wQD8TIjadYC
|
||||||
|
qyn47FHI3M/3oNsmw4OL5V1tnufRFqps75XbCMyKqk5yFz2YFWItgfh7ggECgYBs
|
||||||
|
uQDw2Kfe85eerqE5g3FHHnu5ZOfN3xlm3gPEcP4vA7pfIon5mcQbOg2YSMAzvJqN
|
||||||
|
zIsQ5pALV15zFNi3v4aKd1gTANu5aEfIYj/OhsAMk3DAiQvh/gB4W+tpN1DYVTg9
|
||||||
|
Aj771M5waHeg9pImTnXpxW8ju0fM5GxPAddU3nSToQKBgQDmKcqgOEoRTa7iaCNQ
|
||||||
|
Ddd+OocgXLGg6Wxe6LmHV8ClgMhMNWcfUXM28pPYTNgdeoe4jxjStnkLvbsmUbAj
|
||||||
|
rOA2AMdb0zWTZQpiRPqNy0G0iN9xAO0UFtb9FTfF4VTb0pVzmIo2SAPzv0Uy6wAK
|
||||||
|
/x77HtimSkt/W6JEUXMlcoAZYA==
|
||||||
|
-----END PRIVATE KEY-----
|
67
postfix/groots_in_ca.crt
Normal file
67
postfix/groots_in_ca.crt
Normal file
|
@ -0,0 +1,67 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIGEzCCA/ugAwIBAgIQfVtRJrR2uhHbdBYLvFMNpzANBgkqhkiG9w0BAQwFADCB
|
||||||
|
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
|
||||||
|
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
|
||||||
|
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx
|
||||||
|
MTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNV
|
||||||
|
BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UE
|
||||||
|
ChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFJTQSBEb21haW4g
|
||||||
|
VmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
|
||||||
|
AQ8AMIIBCgKCAQEA1nMz1tc8INAA0hdFuNY+B6I/x0HuMjDJsGz99J/LEpgPLT+N
|
||||||
|
TQEMgg8Xf2Iu6bhIefsWg06t1zIlk7cHv7lQP6lMw0Aq6Tn/2YHKHxYyQdqAJrkj
|
||||||
|
eocgHuP/IJo8lURvh3UGkEC0MpMWCRAIIz7S3YcPb11RFGoKacVPAXJpz9OTTG0E
|
||||||
|
oKMbgn6xmrntxZ7FN3ifmgg0+1YuWMQJDgZkW7w33PGfKGioVrCSo1yfu4iYCBsk
|
||||||
|
Haswha6vsC6eep3BwEIc4gLw6uBK0u+QDrTBQBbwb4VCSmT3pDCg/r8uoydajotY
|
||||||
|
uK3DGReEY+1vVv2Dy2A0xHS+5p3b4eTlygxfFQIDAQABo4IBbjCCAWowHwYDVR0j
|
||||||
|
BBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFI2MXsRUrYrhd+mb
|
||||||
|
+ZsF4bgBjWHhMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0G
|
||||||
|
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYGBFUdIAAw
|
||||||
|
CAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0
|
||||||
|
LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2Bggr
|
||||||
|
BgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNv
|
||||||
|
bS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDov
|
||||||
|
L29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAMr9hvQ5Iw0/H
|
||||||
|
ukdN+Jx4GQHcEx2Ab/zDcLRSmjEzmldS+zGea6TvVKqJjUAXaPgREHzSyrHxVYbH
|
||||||
|
7rM2kYb2OVG/Rr8PoLq0935JxCo2F57kaDl6r5ROVm+yezu/Coa9zcV3HAO4OLGi
|
||||||
|
H19+24rcRki2aArPsrW04jTkZ6k4Zgle0rj8nSg6F0AnwnJOKf0hPHzPE/uWLMUx
|
||||||
|
RP0T7dWbqWlod3zu4f+k+TY4CFM5ooQ0nBnzvg6s1SQ36yOoeNDT5++SR2RiOSLv
|
||||||
|
xvcRviKFxmZEJCaOEDKNyJOuB56DPi/Z+fVGjmO+wea03KbNIaiGCpXZLoUmGv38
|
||||||
|
sbZXQm2V0TP2ORQGgkE49Y9Y3IBbpNV9lXj9p5v//cWoaasm56ekBYdbqbe4oyAL
|
||||||
|
l6lFhd2zi+WJN44pDfwGF/Y4QA5C5BIG+3vzxhFoYt/jmPQT2BVPi7Fp2RBgvGQq
|
||||||
|
6jG35LWjOhSbJuMLe/0CjraZwTiXWTb2qHSihrZe68Zk6s+go/lunrotEbaGmAhY
|
||||||
|
LcmsJWTyXnW0OMGuf1pGg+pRyrbxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5
|
||||||
|
yOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K
|
||||||
|
00u/I5sUKUErmgQfky3xxzlIPK1aEn8=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIFgTCCBGmgAwIBAgIQOXJEOvkit1HX02wQ3TE1lTANBgkqhkiG9w0BAQwFADB7
|
||||||
|
MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD
|
||||||
|
VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE
|
||||||
|
AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4
|
||||||
|
MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5
|
||||||
|
MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO
|
||||||
|
ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0
|
||||||
|
aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sI
|
||||||
|
s9CsVw127c0n00ytUINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnG
|
||||||
|
vDoZtF+mvX2do2NCtnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQ
|
||||||
|
Ijy8/hPwhxR79uQfjtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfb
|
||||||
|
IWax1Jt4A8BQOujM8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0
|
||||||
|
tyA9yn8iNK5+O2hmAUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97E
|
||||||
|
xwzf4TKuzJM7UXiVZ4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNV
|
||||||
|
icQNwZNUMBkTrNN9N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5
|
||||||
|
D9kCnusSTJV882sFqV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJ
|
||||||
|
WBp/kjbmUZIO8yZ9HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ
|
||||||
|
5lhCLkMaTLTwJUdZ+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzG
|
||||||
|
KAgEJTm4Diup8kyXHAc/DVL17e8vgg8CAwEAAaOB8jCB7zAfBgNVHSMEGDAWgBSg
|
||||||
|
EQojPpbxB+zirynvgqV/0DCktDAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rID
|
||||||
|
ZsswDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAG
|
||||||
|
BgRVHSAAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29t
|
||||||
|
L0FBQUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggr
|
||||||
|
BgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUA
|
||||||
|
A4IBAQAYh1HcdCE9nIrgJ7cz0C7M7PDmy14R3iJvm3WOnnL+5Nb+qh+cli3vA0p+
|
||||||
|
rvSNb3I8QzvAP+u431yqqcau8vzY7qN7Q/aGNnwU4M309z/+3ri0ivCRlv79Q2R+
|
||||||
|
/czSAaF9ffgZGclCKxO/WIu6pKJmBHaIkU4MiRTOok3JMrO66BQavHHxW/BBC5gA
|
||||||
|
CiIDEOUMsfnNkjcZ7Tvx5Dq2+UUTJnWvu6rvP3t3O9LEApE9GQDTF1w52z97GA1F
|
||||||
|
zZOFli9d31kWTz9RvdVFGD/tSo7oBmF0Ixa1DVBzJ0RHfxBdiSprhTEUxOipakyA
|
||||||
|
vGp4z7h/jnZymQyd/teRCBaho1+V
|
||||||
|
-----END CERTIFICATE-----
|
499
postfix/header_checks
Normal file
499
postfix/header_checks
Normal file
|
@ -0,0 +1,499 @@
|
||||||
|
# HEADER_CHECKS(5) HEADER_CHECKS(5)
|
||||||
|
#
|
||||||
|
# NAME
|
||||||
|
# header_checks - Postfix built-in content inspection
|
||||||
|
#
|
||||||
|
# SYNOPSIS
|
||||||
|
# header_checks = pcre:/etc/postfix/header_checks
|
||||||
|
# mime_header_checks = pcre:/etc/postfix/mime_header_checks
|
||||||
|
# nested_header_checks = pcre:/etc/postfix/nested_header_checks
|
||||||
|
# body_checks = pcre:/etc/postfix/body_checks
|
||||||
|
#
|
||||||
|
# milter_header_checks = pcre:/etc/postfix/milter_header_checks
|
||||||
|
#
|
||||||
|
# smtp_header_checks = pcre:/etc/postfix/smtp_header_checks
|
||||||
|
# smtp_mime_header_checks = pcre:/etc/postfix/smtp_mime_header_checks
|
||||||
|
# smtp_nested_header_checks = pcre:/etc/postfix/smtp_nested_header_checks
|
||||||
|
# smtp_body_checks = pcre:/etc/postfix/smtp_body_checks
|
||||||
|
#
|
||||||
|
# postmap -q "string" pcre:/etc/postfix/filename
|
||||||
|
# postmap -q - pcre:/etc/postfix/filename <inputfile
|
||||||
|
#
|
||||||
|
# DESCRIPTION
|
||||||
|
# This document describes access control on the content of
|
||||||
|
# message headers and message body lines; it is implemented
|
||||||
|
# by the Postfix cleanup(8) server before mail is queued.
|
||||||
|
# See access(5) for access control on remote SMTP client
|
||||||
|
# information.
|
||||||
|
#
|
||||||
|
# Each message header or message body line is compared
|
||||||
|
# against a list of patterns. When a match is found the
|
||||||
|
# corresponding action is executed, and the matching process
|
||||||
|
# is repeated for the next message header or message body
|
||||||
|
# line.
|
||||||
|
#
|
||||||
|
# Note: message headers are examined one logical header at a
|
||||||
|
# time, even when a message header spans multiple lines.
|
||||||
|
# Body lines are always examined one line at a time.
|
||||||
|
#
|
||||||
|
# For examples, see the EXAMPLES section at the end of this
|
||||||
|
# manual page.
|
||||||
|
#
|
||||||
|
# Postfix header or body_checks are designed to stop a flood
|
||||||
|
# of mail from worms or viruses; they do not decode attach-
|
||||||
|
# ments, and they do not unzip archives. See the documents
|
||||||
|
# referenced below in the README FILES section if you need
|
||||||
|
# more sophisticated content analysis.
|
||||||
|
#
|
||||||
|
# FILTERS WHILE RECEIVING MAIL
|
||||||
|
# Postfix implements the following four built-in content
|
||||||
|
# inspection classes while receiving mail:
|
||||||
|
#
|
||||||
|
# header_checks (default: empty)
|
||||||
|
# These are applied to initial message headers
|
||||||
|
# (except for the headers that are processed with
|
||||||
|
# mime_header_checks).
|
||||||
|
#
|
||||||
|
# mime_header_checks (default: $header_checks)
|
||||||
|
# These are applied to MIME related message headers
|
||||||
|
# only.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.0 and later.
|
||||||
|
#
|
||||||
|
# nested_header_checks (default: $header_checks)
|
||||||
|
# These are applied to message headers of attached
|
||||||
|
# email messages (except for the headers that are
|
||||||
|
# processed with mime_header_checks).
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.0 and later.
|
||||||
|
#
|
||||||
|
# body_checks
|
||||||
|
# These are applied to all other content, including
|
||||||
|
# multi-part message boundaries.
|
||||||
|
#
|
||||||
|
# With Postfix versions before 2.0, all content after
|
||||||
|
# the initial message headers is treated as body con-
|
||||||
|
# tent.
|
||||||
|
#
|
||||||
|
# FILTERS AFTER RECEIVING MAIL
|
||||||
|
# Postfix supports a subset of the built-in content inspec-
|
||||||
|
# tion classes after the message is received:
|
||||||
|
#
|
||||||
|
# milter_header_checks (default: empty)
|
||||||
|
# These are applied to headers that are added with
|
||||||
|
# Milter applications.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.7 and later.
|
||||||
|
#
|
||||||
|
# FILTERS WHILE DELIVERING MAIL
|
||||||
|
# Postfix supports all four content inspection classes while
|
||||||
|
# delivering mail via SMTP.
|
||||||
|
#
|
||||||
|
# smtp_header_checks (default: empty)
|
||||||
|
#
|
||||||
|
# smtp_mime_header_checks (default: empty)
|
||||||
|
#
|
||||||
|
# smtp_nested_header_checks (default: empty)
|
||||||
|
#
|
||||||
|
# smtp_body_checks (default: empty)
|
||||||
|
# These features are available in Postfix 2.5 and
|
||||||
|
# later.
|
||||||
|
#
|
||||||
|
# COMPATIBILITY
|
||||||
|
# With Postfix version 2.2 and earlier specify "postmap -fq"
|
||||||
|
# to query a table that contains case sensitive patterns. By
|
||||||
|
# default, regexp: and pcre: patterns are case insensitive.
|
||||||
|
#
|
||||||
|
# TABLE FORMAT
|
||||||
|
# This document assumes that header and body_checks rules
|
||||||
|
# are specified in the form of Postfix regular expression
|
||||||
|
# lookup tables. Usually the best performance is obtained
|
||||||
|
# with pcre (Perl Compatible Regular Expression) tables. The
|
||||||
|
# regexp (POSIX regular expressions) tables are usually
|
||||||
|
# slower, but more widely available. Use the command "post-
|
||||||
|
# conf -m" to find out what lookup table types your Postfix
|
||||||
|
# system supports.
|
||||||
|
#
|
||||||
|
# The general format of Postfix regular expression tables is
|
||||||
|
# given below. For a discussion of specific pattern or
|
||||||
|
# flags syntax, see pcre_table(5) or regexp_table(5),
|
||||||
|
# respectively.
|
||||||
|
#
|
||||||
|
# /pattern/flags action
|
||||||
|
# When /pattern/ matches the input string, execute
|
||||||
|
# the corresponding action. See below for a list of
|
||||||
|
# possible actions.
|
||||||
|
#
|
||||||
|
# !/pattern/flags action
|
||||||
|
# When /pattern/ does not match the input string,
|
||||||
|
# execute the corresponding action.
|
||||||
|
#
|
||||||
|
# if /pattern/flags
|
||||||
|
#
|
||||||
|
# endif Match the input string against the patterns between
|
||||||
|
# if and endif, if and only if the same input string
|
||||||
|
# also matches /pattern/. The if..endif can nest.
|
||||||
|
#
|
||||||
|
# Note: do not prepend whitespace to patterns inside
|
||||||
|
# if..endif.
|
||||||
|
#
|
||||||
|
# if !/pattern/flags
|
||||||
|
#
|
||||||
|
# endif Match the input string against the patterns between
|
||||||
|
# if and endif, if and only if the same input string
|
||||||
|
# does not match /pattern/. The if..endif can nest.
|
||||||
|
#
|
||||||
|
# blank lines and comments
|
||||||
|
# Empty lines and whitespace-only lines are ignored,
|
||||||
|
# as are lines whose first non-whitespace character
|
||||||
|
# is a `#'.
|
||||||
|
#
|
||||||
|
# multi-line text
|
||||||
|
# A pattern/action line starts with non-whitespace
|
||||||
|
# text. A line that starts with whitespace continues
|
||||||
|
# a logical line.
|
||||||
|
#
|
||||||
|
# TABLE SEARCH ORDER
|
||||||
|
# For each line of message input, the patterns are applied
|
||||||
|
# in the order as specified in the table. When a pattern is
|
||||||
|
# found that matches the input line, the corresponding
|
||||||
|
# action is executed and then the next input line is
|
||||||
|
# inspected.
|
||||||
|
#
|
||||||
|
# TEXT SUBSTITUTION
|
||||||
|
# Substitution of substrings from the matched expression
|
||||||
|
# into the action string is possible using the conventional
|
||||||
|
# Perl syntax ($1, $2, etc.). The macros in the result
|
||||||
|
# string may need to be written as ${n} or $(n) if they
|
||||||
|
# aren't followed by whitespace.
|
||||||
|
#
|
||||||
|
# Note: since negated patterns (those preceded by !) return
|
||||||
|
# a result when the expression does not match, substitutions
|
||||||
|
# are not available for negated patterns.
|
||||||
|
#
|
||||||
|
# ACTIONS
|
||||||
|
# Action names are case insensitive. They are shown in upper
|
||||||
|
# case for consistency with other Postfix documentation.
|
||||||
|
#
|
||||||
|
# DISCARD optional text...
|
||||||
|
# Claim successful delivery and silently discard the
|
||||||
|
# message. Log the optional text if specified, oth-
|
||||||
|
# erwise log a generic message.
|
||||||
|
#
|
||||||
|
# Note: this action disables further header or
|
||||||
|
# body_checks inspection of the current message and
|
||||||
|
# affects all recipients. To discard only one recip-
|
||||||
|
# ient without discarding the entire message, use the
|
||||||
|
# transport(5) table to direct mail to the discard(8)
|
||||||
|
# service.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.0 and later.
|
||||||
|
#
|
||||||
|
# This feature is not supported with smtp header/body
|
||||||
|
# checks.
|
||||||
|
#
|
||||||
|
# DUNNO Pretend that the input line did not match any pat-
|
||||||
|
# tern, and inspect the next input line. This action
|
||||||
|
# can be used to shorten the table search.
|
||||||
|
#
|
||||||
|
# For backwards compatibility reasons, Postfix also
|
||||||
|
# accepts OK but it is (and always has been) treated
|
||||||
|
# as DUNNO.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.1 and later.
|
||||||
|
#
|
||||||
|
# FILTER transport:destination
|
||||||
|
# After the message is queued, send the entire mes-
|
||||||
|
# sage through the specified external content filter.
|
||||||
|
# The transport name specifies the first field of a
|
||||||
|
# mail delivery agent definition in master.cf; the
|
||||||
|
# syntax of the next-hop destination is described in
|
||||||
|
# the manual page of the corresponding delivery
|
||||||
|
# agent. More information about external content
|
||||||
|
# filters is in the Postfix FILTER_README file.
|
||||||
|
#
|
||||||
|
# Note 1: do not use $number regular expression sub-
|
||||||
|
# stitutions for transport or destination unless you
|
||||||
|
# know that the information has a trusted origin.
|
||||||
|
#
|
||||||
|
# Note 2: this action overrides the main.cf con-
|
||||||
|
# tent_filter setting, and affects all recipients of
|
||||||
|
# the message. In the case that multiple FILTER
|
||||||
|
# actions fire, only the last one is executed.
|
||||||
|
#
|
||||||
|
# Note 3: the purpose of the FILTER command is to
|
||||||
|
# override message routing. To override the recipi-
|
||||||
|
# ent's transport but not the next-hop destination,
|
||||||
|
# specify an empty filter destination (Postfix 2.7
|
||||||
|
# and later), or specify a transport:destination that
|
||||||
|
# delivers through a different Postfix instance
|
||||||
|
# (Postfix 2.6 and earlier). Other options are using
|
||||||
|
# the recipient-dependent transport_maps or the sen-
|
||||||
|
# der-dependent sender_dependent_default_transport-
|
||||||
|
# _maps features.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.0 and later.
|
||||||
|
#
|
||||||
|
# This feature is not supported with smtp header/body
|
||||||
|
# checks.
|
||||||
|
#
|
||||||
|
# HOLD optional text...
|
||||||
|
# Arrange for the message to be placed on the hold
|
||||||
|
# queue, and inspect the next input line. The mes-
|
||||||
|
# sage remains on hold until someone either deletes
|
||||||
|
# it or releases it for delivery. Log the optional
|
||||||
|
# text if specified, otherwise log a generic message.
|
||||||
|
#
|
||||||
|
# Mail that is placed on hold can be examined with
|
||||||
|
# the postcat(1) command, and can be destroyed or
|
||||||
|
# released with the postsuper(1) command.
|
||||||
|
#
|
||||||
|
# Note: use "postsuper -r" to release mail that was
|
||||||
|
# kept on hold for a significant fraction of $maxi-
|
||||||
|
# mal_queue_lifetime or $bounce_queue_lifetime, or
|
||||||
|
# longer. Use "postsuper -H" only for mail that will
|
||||||
|
# not expire within a few delivery attempts.
|
||||||
|
#
|
||||||
|
# Note: this action affects all recipients of the
|
||||||
|
# message.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.0 and later.
|
||||||
|
#
|
||||||
|
# This feature is not supported with smtp header/body
|
||||||
|
# checks.
|
||||||
|
#
|
||||||
|
# IGNORE Delete the current line from the input, and inspect
|
||||||
|
# the next input line.
|
||||||
|
#
|
||||||
|
# INFO optional text...
|
||||||
|
# Log an "info:" record with the optional text... (or
|
||||||
|
# log a generic text), and inspect the next input
|
||||||
|
# line. This action is useful for routine logging or
|
||||||
|
# for debugging.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.8 and later.
|
||||||
|
#
|
||||||
|
# PREPEND text...
|
||||||
|
# Prepend one line with the specified text, and
|
||||||
|
# inspect the next input line.
|
||||||
|
#
|
||||||
|
# Notes:
|
||||||
|
#
|
||||||
|
# o The prepended text is output on a separate
|
||||||
|
# line, immediately before the input that
|
||||||
|
# triggered the PREPEND action.
|
||||||
|
#
|
||||||
|
# o The prepended text is not considered part of
|
||||||
|
# the input stream: it is not subject to
|
||||||
|
# header/body checks or address rewriting, and
|
||||||
|
# it does not affect the way that Postfix adds
|
||||||
|
# missing message headers.
|
||||||
|
#
|
||||||
|
# o When prepending text before a message header
|
||||||
|
# line, the prepended text must begin with a
|
||||||
|
# valid message header label.
|
||||||
|
#
|
||||||
|
# o This action cannot be used to prepend multi-
|
||||||
|
# line text.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.1 and later.
|
||||||
|
#
|
||||||
|
# This feature is not supported with mil-
|
||||||
|
# ter_header_checks.
|
||||||
|
#
|
||||||
|
# REDIRECT user@domain
|
||||||
|
# Write a message redirection request to the queue
|
||||||
|
# file, and inspect the next input line. After the
|
||||||
|
# message is queued, it will be sent to the specified
|
||||||
|
# address instead of the intended recipient(s).
|
||||||
|
#
|
||||||
|
# Note: this action overrides the FILTER action, and
|
||||||
|
# affects all recipients of the message. If multiple
|
||||||
|
# REDIRECT actions fire, only the last one is exe-
|
||||||
|
# cuted.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.1 and later.
|
||||||
|
#
|
||||||
|
# This feature is not supported with smtp header/body
|
||||||
|
# checks.
|
||||||
|
#
|
||||||
|
# REPLACE text...
|
||||||
|
# Replace the current line with the specified text,
|
||||||
|
# and inspect the next input line.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.2 and later.
|
||||||
|
# The description below applies to Postfix 2.2.2 and
|
||||||
|
# later.
|
||||||
|
#
|
||||||
|
# Notes:
|
||||||
|
#
|
||||||
|
# o When replacing a message header line, the
|
||||||
|
# replacement text must begin with a valid
|
||||||
|
# header label.
|
||||||
|
#
|
||||||
|
# o The replaced text remains part of the input
|
||||||
|
# stream. Unlike the result from the PREPEND
|
||||||
|
# action, a replaced message header may be
|
||||||
|
# subject to address rewriting and may affect
|
||||||
|
# the way that Postfix adds missing message
|
||||||
|
# headers.
|
||||||
|
#
|
||||||
|
# REJECT optional text...
|
||||||
|
# Reject the entire message. Reply with optional
|
||||||
|
# text... when the optional text is specified, other-
|
||||||
|
# wise reply with a generic error message.
|
||||||
|
#
|
||||||
|
# Note: this action disables further header or
|
||||||
|
# body_checks inspection of the current message and
|
||||||
|
# affects all recipients.
|
||||||
|
#
|
||||||
|
# Postfix version 2.3 and later support enhanced sta-
|
||||||
|
# tus codes. When no code is specified at the begin-
|
||||||
|
# ning of optional text..., Postfix inserts a default
|
||||||
|
# enhanced status code of "5.7.1".
|
||||||
|
#
|
||||||
|
# This feature is not supported with smtp header/body
|
||||||
|
# checks.
|
||||||
|
#
|
||||||
|
# WARN optional text...
|
||||||
|
# Log a "warning:" record with the optional text...
|
||||||
|
# (or log a generic text), and inspect the next input
|
||||||
|
# line. This action is useful for debugging and for
|
||||||
|
# testing a pattern before applying more drastic
|
||||||
|
# actions.
|
||||||
|
#
|
||||||
|
# BUGS
|
||||||
|
# Empty lines never match, because some map types mis-behave
|
||||||
|
# when given a zero-length search string. This limitation
|
||||||
|
# may be removed for regular expression tables in a future
|
||||||
|
# release.
|
||||||
|
#
|
||||||
|
# Many people overlook the main limitations of header and
|
||||||
|
# body_checks rules.
|
||||||
|
#
|
||||||
|
# o These rules operate on one logical message header
|
||||||
|
# or one body line at a time. A decision made for one
|
||||||
|
# line is not carried over to the next line.
|
||||||
|
#
|
||||||
|
# o If text in the message body is encoded (RFC 2045)
|
||||||
|
# then the rules need to be specified for the encoded
|
||||||
|
# form.
|
||||||
|
#
|
||||||
|
# o Likewise, when message headers are encoded (RFC
|
||||||
|
# 2047) then the rules need to be specified for the
|
||||||
|
# encoded form.
|
||||||
|
#
|
||||||
|
# Message headers added by the cleanup(8) daemon itself are
|
||||||
|
# excluded from inspection. Examples of such message headers
|
||||||
|
# are From:, To:, Message-ID:, Date:.
|
||||||
|
#
|
||||||
|
# Message headers deleted by the cleanup(8) daemon will be
|
||||||
|
# examined before they are deleted. Examples are: Bcc:, Con-
|
||||||
|
# tent-Length:, Return-Path:.
|
||||||
|
#
|
||||||
|
# CONFIGURATION PARAMETERS
|
||||||
|
# body_checks
|
||||||
|
# Lookup tables with content filter rules for message
|
||||||
|
# body lines. These filters see one physical line at
|
||||||
|
# a time, in chunks of at most $line_length_limit
|
||||||
|
# bytes.
|
||||||
|
#
|
||||||
|
# body_checks_size_limit
|
||||||
|
# The amount of content per message body segment
|
||||||
|
# (attachment) that is subjected to $body_checks fil-
|
||||||
|
# tering.
|
||||||
|
#
|
||||||
|
# header_checks
|
||||||
|
#
|
||||||
|
# mime_header_checks (default: $header_checks)
|
||||||
|
#
|
||||||
|
# nested_header_checks (default: $header_checks)
|
||||||
|
# Lookup tables with content filter rules for message
|
||||||
|
# header lines: respectively, these are applied to
|
||||||
|
# the initial message headers (not including MIME
|
||||||
|
# headers), to the MIME headers anywhere in the mes-
|
||||||
|
# sage, and to the initial headers of attached mes-
|
||||||
|
# sages.
|
||||||
|
#
|
||||||
|
# Note: these filters see one logical message header
|
||||||
|
# at a time, even when a message header spans multi-
|
||||||
|
# ple lines. Message headers that are longer than
|
||||||
|
# $header_size_limit characters are truncated.
|
||||||
|
#
|
||||||
|
# disable_mime_input_processing
|
||||||
|
# While receiving mail, give no special treatment to
|
||||||
|
# MIME related message headers; all text after the
|
||||||
|
# initial message headers is considered to be part of
|
||||||
|
# the message body. This means that header_checks is
|
||||||
|
# applied to all the initial message headers, and
|
||||||
|
# that body_checks is applied to the remainder of the
|
||||||
|
# message.
|
||||||
|
#
|
||||||
|
# Note: when used in this manner, body_checks will
|
||||||
|
# process a multi-line message header one line at a
|
||||||
|
# time.
|
||||||
|
#
|
||||||
|
# EXAMPLES
|
||||||
|
# Header pattern to block attachments with bad file name
|
||||||
|
# extensions. For convenience, the PCRE /x flag is speci-
|
||||||
|
# fied, so that there is no need to collapse the pattern
|
||||||
|
# into a single line of text. The purpose of the
|
||||||
|
# [[:xdigit:]] sub-expressions is to recognize Windows CLSID
|
||||||
|
# strings.
|
||||||
|
#
|
||||||
|
# /etc/postfix/main.cf:
|
||||||
|
# header_checks = pcre:/etc/postfix/header_checks.pcre
|
||||||
|
#
|
||||||
|
# /etc/postfix/header_checks.pcre:
|
||||||
|
# /^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)(
|
||||||
|
# ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|
|
||||||
|
# hlp|ht[at]|
|
||||||
|
# inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws|
|
||||||
|
# \{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}|
|
||||||
|
# ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf|
|
||||||
|
# vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x
|
||||||
|
# REJECT Attachment name "$2" may not end with ".$4"
|
||||||
|
#
|
||||||
|
# Body pattern to stop a specific HTML browser vulnerability
|
||||||
|
# exploit.
|
||||||
|
#
|
||||||
|
# /etc/postfix/main.cf:
|
||||||
|
# body_checks = regexp:/etc/postfix/body_checks
|
||||||
|
#
|
||||||
|
# /etc/postfix/body_checks:
|
||||||
|
# /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
|
||||||
|
# REJECT IFRAME vulnerability exploit
|
||||||
|
#
|
||||||
|
# SEE ALSO
|
||||||
|
# cleanup(8), canonicalize and enqueue Postfix message
|
||||||
|
# pcre_table(5), format of PCRE lookup tables
|
||||||
|
# regexp_table(5), format of POSIX regular expression tables
|
||||||
|
# postconf(1), Postfix configuration utility
|
||||||
|
# postmap(1), Postfix lookup table management
|
||||||
|
# postsuper(1), Postfix janitor
|
||||||
|
# postcat(1), show Postfix queue file contents
|
||||||
|
# RFC 2045, base64 and quoted-printable encoding rules
|
||||||
|
# RFC 2047, message header encoding for non-ASCII text
|
||||||
|
#
|
||||||
|
# README FILES
|
||||||
|
# Use "postconf readme_directory" or "postconf html_direc-
|
||||||
|
# tory" to locate this information.
|
||||||
|
# DATABASE_README, Postfix lookup table overview
|
||||||
|
# CONTENT_INSPECTION_README, Postfix content inspection overview
|
||||||
|
# BUILTIN_FILTER_README, Postfix built-in content inspection
|
||||||
|
# BACKSCATTER_README, blocking returned forged mail
|
||||||
|
#
|
||||||
|
# LICENSE
|
||||||
|
# The Secure Mailer license must be distributed with this
|
||||||
|
# software.
|
||||||
|
#
|
||||||
|
# AUTHOR(S)
|
||||||
|
# Wietse Venema
|
||||||
|
# IBM T.J. Watson Research
|
||||||
|
# P.O. Box 704
|
||||||
|
# Yorktown Heights, NY 10598, USA
|
||||||
|
#
|
||||||
|
# HEADER_CHECKS(5)
|
||||||
|
#
|
||||||
|
/^Subject:/ WARN
|
||||||
|
/filename=\"?(.*)\"?$/ WARN
|
496
postfix/header_checks_original
Normal file
496
postfix/header_checks_original
Normal file
|
@ -0,0 +1,496 @@
|
||||||
|
# HEADER_CHECKS(5) HEADER_CHECKS(5)
|
||||||
|
#
|
||||||
|
# NAME
|
||||||
|
# header_checks - Postfix built-in content inspection
|
||||||
|
#
|
||||||
|
# SYNOPSIS
|
||||||
|
# header_checks = pcre:/etc/postfix/header_checks
|
||||||
|
# mime_header_checks = pcre:/etc/postfix/mime_header_checks
|
||||||
|
# nested_header_checks = pcre:/etc/postfix/nested_header_checks
|
||||||
|
# body_checks = pcre:/etc/postfix/body_checks
|
||||||
|
#
|
||||||
|
# milter_header_checks = pcre:/etc/postfix/milter_header_checks
|
||||||
|
#
|
||||||
|
# smtp_header_checks = pcre:/etc/postfix/smtp_header_checks
|
||||||
|
# smtp_mime_header_checks = pcre:/etc/postfix/smtp_mime_header_checks
|
||||||
|
# smtp_nested_header_checks = pcre:/etc/postfix/smtp_nested_header_checks
|
||||||
|
# smtp_body_checks = pcre:/etc/postfix/smtp_body_checks
|
||||||
|
#
|
||||||
|
# postmap -q "string" pcre:/etc/postfix/filename
|
||||||
|
# postmap -q - pcre:/etc/postfix/filename <inputfile
|
||||||
|
#
|
||||||
|
# DESCRIPTION
|
||||||
|
# This document describes access control on the content of
|
||||||
|
# message headers and message body lines; it is implemented
|
||||||
|
# by the Postfix cleanup(8) server before mail is queued.
|
||||||
|
# See access(5) for access control on remote SMTP client
|
||||||
|
# information.
|
||||||
|
#
|
||||||
|
# Each message header or message body line is compared
|
||||||
|
# against a list of patterns. When a match is found the
|
||||||
|
# corresponding action is executed, and the matching process
|
||||||
|
# is repeated for the next message header or message body
|
||||||
|
# line.
|
||||||
|
#
|
||||||
|
# Note: message headers are examined one logical header at a
|
||||||
|
# time, even when a message header spans multiple lines.
|
||||||
|
# Body lines are always examined one line at a time.
|
||||||
|
#
|
||||||
|
# For examples, see the EXAMPLES section at the end of this
|
||||||
|
# manual page.
|
||||||
|
#
|
||||||
|
# Postfix header or body_checks are designed to stop a flood
|
||||||
|
# of mail from worms or viruses; they do not decode attach-
|
||||||
|
# ments, and they do not unzip archives. See the documents
|
||||||
|
# referenced below in the README FILES section if you need
|
||||||
|
# more sophisticated content analysis.
|
||||||
|
#
|
||||||
|
# FILTERS WHILE RECEIVING MAIL
|
||||||
|
# Postfix implements the following four built-in content
|
||||||
|
# inspection classes while receiving mail:
|
||||||
|
#
|
||||||
|
# header_checks (default: empty)
|
||||||
|
# These are applied to initial message headers
|
||||||
|
# (except for the headers that are processed with
|
||||||
|
# mime_header_checks).
|
||||||
|
#
|
||||||
|
# mime_header_checks (default: $header_checks)
|
||||||
|
# These are applied to MIME related message headers
|
||||||
|
# only.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.0 and later.
|
||||||
|
#
|
||||||
|
# nested_header_checks (default: $header_checks)
|
||||||
|
# These are applied to message headers of attached
|
||||||
|
# email messages (except for the headers that are
|
||||||
|
# processed with mime_header_checks).
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.0 and later.
|
||||||
|
#
|
||||||
|
# body_checks
|
||||||
|
# These are applied to all other content, including
|
||||||
|
# multi-part message boundaries.
|
||||||
|
#
|
||||||
|
# With Postfix versions before 2.0, all content after
|
||||||
|
# the initial message headers is treated as body con-
|
||||||
|
# tent.
|
||||||
|
#
|
||||||
|
# FILTERS AFTER RECEIVING MAIL
|
||||||
|
# Postfix supports a subset of the built-in content inspec-
|
||||||
|
# tion classes after the message is received:
|
||||||
|
#
|
||||||
|
# milter_header_checks (default: empty)
|
||||||
|
# These are applied to headers that are added with
|
||||||
|
# Milter applications.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.7 and later.
|
||||||
|
#
|
||||||
|
# FILTERS WHILE DELIVERING MAIL
|
||||||
|
# Postfix supports all four content inspection classes while
|
||||||
|
# delivering mail via SMTP.
|
||||||
|
#
|
||||||
|
# smtp_header_checks (default: empty)
|
||||||
|
#
|
||||||
|
# smtp_mime_header_checks (default: empty)
|
||||||
|
#
|
||||||
|
# smtp_nested_header_checks (default: empty)
|
||||||
|
#
|
||||||
|
# smtp_body_checks (default: empty)
|
||||||
|
# These features are available in Postfix 2.5 and
|
||||||
|
# later.
|
||||||
|
#
|
||||||
|
# COMPATIBILITY
|
||||||
|
# With Postfix version 2.2 and earlier specify "postmap -fq"
|
||||||
|
# to query a table that contains case sensitive patterns. By
|
||||||
|
# default, regexp: and pcre: patterns are case insensitive.
|
||||||
|
#
|
||||||
|
# TABLE FORMAT
|
||||||
|
# This document assumes that header and body_checks rules
|
||||||
|
# are specified in the form of Postfix regular expression
|
||||||
|
# lookup tables. Usually the best performance is obtained
|
||||||
|
# with pcre (Perl Compatible Regular Expression) tables. The
|
||||||
|
# regexp (POSIX regular expressions) tables are usually
|
||||||
|
# slower, but more widely available. Use the command "post-
|
||||||
|
# conf -m" to find out what lookup table types your Postfix
|
||||||
|
# system supports.
|
||||||
|
#
|
||||||
|
# The general format of Postfix regular expression tables is
|
||||||
|
# given below. For a discussion of specific pattern or
|
||||||
|
# flags syntax, see pcre_table(5) or regexp_table(5),
|
||||||
|
# respectively.
|
||||||
|
#
|
||||||
|
# /pattern/flags action
|
||||||
|
# When /pattern/ matches the input string, execute
|
||||||
|
# the corresponding action. See below for a list of
|
||||||
|
# possible actions.
|
||||||
|
#
|
||||||
|
# !/pattern/flags action
|
||||||
|
# When /pattern/ does not match the input string,
|
||||||
|
# execute the corresponding action.
|
||||||
|
#
|
||||||
|
# if /pattern/flags
|
||||||
|
#
|
||||||
|
# endif Match the input string against the patterns between
|
||||||
|
# if and endif, if and only if the same input string
|
||||||
|
# also matches /pattern/. The if..endif can nest.
|
||||||
|
#
|
||||||
|
# Note: do not prepend whitespace to patterns inside
|
||||||
|
# if..endif.
|
||||||
|
#
|
||||||
|
# if !/pattern/flags
|
||||||
|
#
|
||||||
|
# endif Match the input string against the patterns between
|
||||||
|
# if and endif, if and only if the same input string
|
||||||
|
# does not match /pattern/. The if..endif can nest.
|
||||||
|
#
|
||||||
|
# blank lines and comments
|
||||||
|
# Empty lines and whitespace-only lines are ignored,
|
||||||
|
# as are lines whose first non-whitespace character
|
||||||
|
# is a `#'.
|
||||||
|
#
|
||||||
|
# multi-line text
|
||||||
|
# A pattern/action line starts with non-whitespace
|
||||||
|
# text. A line that starts with whitespace continues
|
||||||
|
# a logical line.
|
||||||
|
#
|
||||||
|
# TABLE SEARCH ORDER
|
||||||
|
# For each line of message input, the patterns are applied
|
||||||
|
# in the order as specified in the table. When a pattern is
|
||||||
|
# found that matches the input line, the corresponding
|
||||||
|
# action is executed and then the next input line is
|
||||||
|
# inspected.
|
||||||
|
#
|
||||||
|
# TEXT SUBSTITUTION
|
||||||
|
# Substitution of substrings from the matched expression
|
||||||
|
# into the action string is possible using the conventional
|
||||||
|
# Perl syntax ($1, $2, etc.). The macros in the result
|
||||||
|
# string may need to be written as ${n} or $(n) if they
|
||||||
|
# aren't followed by whitespace.
|
||||||
|
#
|
||||||
|
# Note: since negated patterns (those preceded by !) return
|
||||||
|
# a result when the expression does not match, substitutions
|
||||||
|
# are not available for negated patterns.
|
||||||
|
#
|
||||||
|
# ACTIONS
|
||||||
|
# Action names are case insensitive. They are shown in upper
|
||||||
|
# case for consistency with other Postfix documentation.
|
||||||
|
#
|
||||||
|
# DISCARD optional text...
|
||||||
|
# Claim successful delivery and silently discard the
|
||||||
|
# message. Log the optional text if specified, oth-
|
||||||
|
# erwise log a generic message.
|
||||||
|
#
|
||||||
|
# Note: this action disables further header or
|
||||||
|
# body_checks inspection of the current message and
|
||||||
|
# affects all recipients. To discard only one recip-
|
||||||
|
# ient without discarding the entire message, use the
|
||||||
|
# transport(5) table to direct mail to the discard(8)
|
||||||
|
# service.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.0 and later.
|
||||||
|
#
|
||||||
|
# This feature is not supported with smtp header/body
|
||||||
|
# checks.
|
||||||
|
#
|
||||||
|
# DUNNO Pretend that the input line did not match any pat-
|
||||||
|
# tern, and inspect the next input line. This action
|
||||||
|
# can be used to shorten the table search.
|
||||||
|
#
|
||||||
|
# For backwards compatibility reasons, Postfix also
|
||||||
|
# accepts OK but it is (and always has been) treated
|
||||||
|
# as DUNNO.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.1 and later.
|
||||||
|
#
|
||||||
|
# FILTER transport:destination
|
||||||
|
# After the message is queued, send the entire mes-
|
||||||
|
# sage through the specified external content filter.
|
||||||
|
# The transport name specifies the first field of a
|
||||||
|
# mail delivery agent definition in master.cf; the
|
||||||
|
# syntax of the next-hop destination is described in
|
||||||
|
# the manual page of the corresponding delivery
|
||||||
|
# agent. More information about external content
|
||||||
|
# filters is in the Postfix FILTER_README file.
|
||||||
|
#
|
||||||
|
# Note 1: do not use $number regular expression sub-
|
||||||
|
# stitutions for transport or destination unless you
|
||||||
|
# know that the information has a trusted origin.
|
||||||
|
#
|
||||||
|
# Note 2: this action overrides the main.cf con-
|
||||||
|
# tent_filter setting, and affects all recipients of
|
||||||
|
# the message. In the case that multiple FILTER
|
||||||
|
# actions fire, only the last one is executed.
|
||||||
|
#
|
||||||
|
# Note 3: the purpose of the FILTER command is to
|
||||||
|
# override message routing. To override the recipi-
|
||||||
|
# ent's transport but not the next-hop destination,
|
||||||
|
# specify an empty filter destination (Postfix 2.7
|
||||||
|
# and later), or specify a transport:destination that
|
||||||
|
# delivers through a different Postfix instance
|
||||||
|
# (Postfix 2.6 and earlier). Other options are using
|
||||||
|
# the recipient-dependent transport_maps or the sen-
|
||||||
|
# der-dependent sender_dependent_default_transport-
|
||||||
|
# _maps features.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.0 and later.
|
||||||
|
#
|
||||||
|
# This feature is not supported with smtp header/body
|
||||||
|
# checks.
|
||||||
|
#
|
||||||
|
# HOLD optional text...
|
||||||
|
# Arrange for the message to be placed on the hold
|
||||||
|
# queue, and inspect the next input line. The mes-
|
||||||
|
# sage remains on hold until someone either deletes
|
||||||
|
# it or releases it for delivery. Log the optional
|
||||||
|
# text if specified, otherwise log a generic message.
|
||||||
|
#
|
||||||
|
# Mail that is placed on hold can be examined with
|
||||||
|
# the postcat(1) command, and can be destroyed or
|
||||||
|
# released with the postsuper(1) command.
|
||||||
|
#
|
||||||
|
# Note: use "postsuper -r" to release mail that was
|
||||||
|
# kept on hold for a significant fraction of $maxi-
|
||||||
|
# mal_queue_lifetime or $bounce_queue_lifetime, or
|
||||||
|
# longer. Use "postsuper -H" only for mail that will
|
||||||
|
# not expire within a few delivery attempts.
|
||||||
|
#
|
||||||
|
# Note: this action affects all recipients of the
|
||||||
|
# message.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.0 and later.
|
||||||
|
#
|
||||||
|
# This feature is not supported with smtp header/body
|
||||||
|
# checks.
|
||||||
|
#
|
||||||
|
# IGNORE Delete the current line from the input, and inspect
|
||||||
|
# the next input line.
|
||||||
|
#
|
||||||
|
# INFO optional text...
|
||||||
|
# Log an "info:" record with the optional text... (or
|
||||||
|
# log a generic text), and inspect the next input
|
||||||
|
# line. This action is useful for routine logging or
|
||||||
|
# for debugging.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.8 and later.
|
||||||
|
#
|
||||||
|
# PREPEND text...
|
||||||
|
# Prepend one line with the specified text, and
|
||||||
|
# inspect the next input line.
|
||||||
|
#
|
||||||
|
# Notes:
|
||||||
|
#
|
||||||
|
# o The prepended text is output on a separate
|
||||||
|
# line, immediately before the input that
|
||||||
|
# triggered the PREPEND action.
|
||||||
|
#
|
||||||
|
# o The prepended text is not considered part of
|
||||||
|
# the input stream: it is not subject to
|
||||||
|
# header/body checks or address rewriting, and
|
||||||
|
# it does not affect the way that Postfix adds
|
||||||
|
# missing message headers.
|
||||||
|
#
|
||||||
|
# o When prepending text before a message header
|
||||||
|
# line, the prepended text must begin with a
|
||||||
|
# valid message header label.
|
||||||
|
#
|
||||||
|
# o This action cannot be used to prepend multi-
|
||||||
|
# line text.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.1 and later.
|
||||||
|
#
|
||||||
|
# This feature is not supported with mil-
|
||||||
|
# ter_header_checks.
|
||||||
|
#
|
||||||
|
# REDIRECT user@domain
|
||||||
|
# Write a message redirection request to the queue
|
||||||
|
# file, and inspect the next input line. After the
|
||||||
|
# message is queued, it will be sent to the specified
|
||||||
|
# address instead of the intended recipient(s).
|
||||||
|
#
|
||||||
|
# Note: this action overrides the FILTER action, and
|
||||||
|
# affects all recipients of the message. If multiple
|
||||||
|
# REDIRECT actions fire, only the last one is exe-
|
||||||
|
# cuted.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.1 and later.
|
||||||
|
#
|
||||||
|
# This feature is not supported with smtp header/body
|
||||||
|
# checks.
|
||||||
|
#
|
||||||
|
# REPLACE text...
|
||||||
|
# Replace the current line with the specified text,
|
||||||
|
# and inspect the next input line.
|
||||||
|
#
|
||||||
|
# This feature is available in Postfix 2.2 and later.
|
||||||
|
# The description below applies to Postfix 2.2.2 and
|
||||||
|
# later.
|
||||||
|
#
|
||||||
|
# Notes:
|
||||||
|
#
|
||||||
|
# o When replacing a message header line, the
|
||||||
|
# replacement text must begin with a valid
|
||||||
|
# header label.
|
||||||
|
#
|
||||||
|
# o The replaced text remains part of the input
|
||||||
|
# stream. Unlike the result from the PREPEND
|
||||||
|
# action, a replaced message header may be
|
||||||
|
# subject to address rewriting and may affect
|
||||||
|
# the way that Postfix adds missing message
|
||||||
|
# headers.
|
||||||
|
#
|
||||||
|
# REJECT optional text...
|
||||||
|
# Reject the entire message. Reply with optional
|
||||||
|
# text... when the optional text is specified, other-
|
||||||
|
# wise reply with a generic error message.
|
||||||
|
#
|
||||||
|
# Note: this action disables further header or
|
||||||
|
# body_checks inspection of the current message and
|
||||||
|
# affects all recipients.
|
||||||
|
#
|
||||||
|
# Postfix version 2.3 and later support enhanced sta-
|
||||||
|
# tus codes. When no code is specified at the begin-
|
||||||
|
# ning of optional text..., Postfix inserts a default
|
||||||
|
# enhanced status code of "5.7.1".
|
||||||
|
#
|
||||||
|
# This feature is not supported with smtp header/body
|
||||||
|
# checks.
|
||||||
|
#
|
||||||
|
# WARN optional text...
|
||||||
|
# Log a "warning:" record with the optional text...
|
||||||
|
# (or log a generic text), and inspect the next input
|
||||||
|
# line. This action is useful for debugging and for
|
||||||
|
# testing a pattern before applying more drastic
|
||||||
|
# actions.
|
||||||
|
#
|
||||||
|
# BUGS
|
||||||
|
# Empty lines never match, because some map types mis-behave
|
||||||
|
# when given a zero-length search string. This limitation
|
||||||
|
# may be removed for regular expression tables in a future
|
||||||
|
# release.
|
||||||
|
#
|
||||||
|
# Many people overlook the main limitations of header and
|
||||||
|
# body_checks rules.
|
||||||
|
#
|
||||||
|
# o These rules operate on one logical message header
|
||||||
|
# or one body line at a time. A decision made for one
|
||||||
|
# line is not carried over to the next line.
|
||||||
|
#
|
||||||
|
# o If text in the message body is encoded (RFC 2045)
|
||||||
|
# then the rules need to be specified for the encoded
|
||||||
|
# form.
|
||||||
|
#
|
||||||
|
# o Likewise, when message headers are encoded (RFC
|
||||||
|
# 2047) then the rules need to be specified for the
|
||||||
|
# encoded form.
|
||||||
|
#
|
||||||
|
# Message headers added by the cleanup(8) daemon itself are
|
||||||
|
# excluded from inspection. Examples of such message headers
|
||||||
|
# are From:, To:, Message-ID:, Date:.
|
||||||
|
#
|
||||||
|
# Message headers deleted by the cleanup(8) daemon will be
|
||||||
|
# examined before they are deleted. Examples are: Bcc:, Con-
|
||||||
|
# tent-Length:, Return-Path:.
|
||||||
|
#
|
||||||
|
# CONFIGURATION PARAMETERS
|
||||||
|
# body_checks
|
||||||
|
# Lookup tables with content filter rules for message
|
||||||
|
# body lines. These filters see one physical line at
|
||||||
|
# a time, in chunks of at most $line_length_limit
|
||||||
|
# bytes.
|
||||||
|
#
|
||||||
|
# body_checks_size_limit
|
||||||
|
# The amount of content per message body segment
|
||||||
|
# (attachment) that is subjected to $body_checks fil-
|
||||||
|
# tering.
|
||||||
|
#
|
||||||
|
# header_checks
|
||||||
|
#
|
||||||
|
# mime_header_checks (default: $header_checks)
|
||||||
|
#
|
||||||
|
# nested_header_checks (default: $header_checks)
|
||||||
|
# Lookup tables with content filter rules for message
|
||||||
|
# header lines: respectively, these are applied to
|
||||||
|
# the initial message headers (not including MIME
|
||||||
|
# headers), to the MIME headers anywhere in the mes-
|
||||||
|
# sage, and to the initial headers of attached mes-
|
||||||
|
# sages.
|
||||||
|
#
|
||||||
|
# Note: these filters see one logical message header
|
||||||
|
# at a time, even when a message header spans multi-
|
||||||
|
# ple lines. Message headers that are longer than
|
||||||
|
# $header_size_limit characters are truncated.
|
||||||
|
#
|
||||||
|
# disable_mime_input_processing
|
||||||
|
# While receiving mail, give no special treatment to
|
||||||
|
# MIME related message headers; all text after the
|
||||||
|
# initial message headers is considered to be part of
|
||||||
|
# the message body. This means that header_checks is
|
||||||
|
# applied to all the initial message headers, and
|
||||||
|
# that body_checks is applied to the remainder of the
|
||||||
|
# message.
|
||||||
|
#
|
||||||
|
# Note: when used in this manner, body_checks will
|
||||||
|
# process a multi-line message header one line at a
|
||||||
|
# time.
|
||||||
|
#
|
||||||
|
# EXAMPLES
|
||||||
|
# Header pattern to block attachments with bad file name
|
||||||
|
# extensions. For convenience, the PCRE /x flag is speci-
|
||||||
|
# fied, so that there is no need to collapse the pattern
|
||||||
|
# into a single line of text. The purpose of the
|
||||||
|
# [[:xdigit:]] sub-expressions is to recognize Windows CLSID
|
||||||
|
# strings.
|
||||||
|
#
|
||||||
|
# /etc/postfix/main.cf:
|
||||||
|
# header_checks = pcre:/etc/postfix/header_checks.pcre
|
||||||
|
#
|
||||||
|
# /etc/postfix/header_checks.pcre:
|
||||||
|
# /^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)(
|
||||||
|
# ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|
|
||||||
|
# hlp|ht[at]|
|
||||||
|
# inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws|
|
||||||
|
# \{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}|
|
||||||
|
# ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf|
|
||||||
|
# vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x
|
||||||
|
# REJECT Attachment name "$2" may not end with ".$4"
|
||||||
|
#
|
||||||
|
# Body pattern to stop a specific HTML browser vulnerability
|
||||||
|
# exploit.
|
||||||
|
#
|
||||||
|
# /etc/postfix/main.cf:
|
||||||
|
# body_checks = regexp:/etc/postfix/body_checks
|
||||||
|
#
|
||||||
|
# /etc/postfix/body_checks:
|
||||||
|
# /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
|
||||||
|
# REJECT IFRAME vulnerability exploit
|
||||||
|
#
|
||||||
|
# SEE ALSO
|
||||||
|
# cleanup(8), canonicalize and enqueue Postfix message
|
||||||
|
# pcre_table(5), format of PCRE lookup tables
|
||||||
|
# regexp_table(5), format of POSIX regular expression tables
|
||||||
|
# postconf(1), Postfix configuration utility
|
||||||
|
# postmap(1), Postfix lookup table management
|
||||||
|
# postsuper(1), Postfix janitor
|
||||||
|
# postcat(1), show Postfix queue file contents
|
||||||
|
# RFC 2045, base64 and quoted-printable encoding rules
|
||||||
|
# RFC 2047, message header encoding for non-ASCII text
|
||||||
|
#
|
||||||
|
# README FILES
|
||||||
|
# Use "postconf readme_directory" or "postconf html_direc-
|
||||||
|
# tory" to locate this information.
|
||||||
|
# DATABASE_README, Postfix lookup table overview
|
||||||
|
# CONTENT_INSPECTION_README, Postfix content inspection overview
|
||||||
|
# BUILTIN_FILTER_README, Postfix built-in content inspection
|
||||||
|
# BACKSCATTER_README, blocking returned forged mail
|
||||||
|
#
|
||||||
|
# LICENSE
|
||||||
|
# The Secure Mailer license must be distributed with this
|
||||||
|
# software.
|
||||||
|
#
|
||||||
|
# AUTHOR(S)
|
||||||
|
# Wietse Venema
|
||||||
|
# IBM T.J. Watson Research
|
||||||
|
# P.O. Box 704
|
||||||
|
# Yorktown Heights, NY 10598, USA
|
||||||
|
#
|
||||||
|
# HEADER_CHECKS(5)
|
127
postfix/main.cf
Normal file
127
postfix/main.cf
Normal file
|
@ -0,0 +1,127 @@
|
||||||
|
# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc.
|
||||||
|
compatibility_level = 2
|
||||||
|
alias_database = hash:/etc/aliases
|
||||||
|
alias_maps = hash:/etc/aliases
|
||||||
|
broken_sasl_auth_clients = yes
|
||||||
|
command_directory = /usr/sbin
|
||||||
|
config_directory = /etc/postfix
|
||||||
|
daemon_directory = /usr/libexec/postfix
|
||||||
|
data_directory = /var/lib/postfix
|
||||||
|
debug_peer_level = 2
|
||||||
|
debugger_command =
|
||||||
|
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
|
||||||
|
ddd $daemon_directory/$process_name $process_id & sleep 5
|
||||||
|
disable_vrfy_command = yes
|
||||||
|
html_directory = no
|
||||||
|
mynetworks = 127.0.0.0/8, 168.168.0.0/24, 192.168.1.121, 192.168.43.121, $mydomain
|
||||||
|
inet_interfaces = all
|
||||||
|
inet_protocols = all
|
||||||
|
mail_owner = postfix
|
||||||
|
mailq_path = /usr/bin/mailq.postfix
|
||||||
|
manpage_directory = /usr/share/man
|
||||||
|
milter_default_action = accept
|
||||||
|
mydestination = $myhostname, localhost.$mydomain, localhost
|
||||||
|
mydomain = example.com
|
||||||
|
myhostname = mlserver
|
||||||
|
myorigin = $mydomain
|
||||||
|
smtpd_banner = $myhostname ESMTP $mydomain
|
||||||
|
newaliases_path = /usr/bin/newaliases.postfix
|
||||||
|
queue_directory = /var/spool/postfix
|
||||||
|
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
|
||||||
|
sample_directory = /usr/share/doc/postfix-2.10.1/samples
|
||||||
|
sendmail_path = /usr/sbin/sendmail.postfix
|
||||||
|
setgid_group = postdrop
|
||||||
|
smtpd_delay_reject = yes
|
||||||
|
smtpd_error_sleep_time = 1s
|
||||||
|
smtpd_hard_error_limit = 20
|
||||||
|
smtpd_helo_required = yes
|
||||||
|
smtpd_helo_restrictions = permit_mynetworks,
|
||||||
|
reject_invalid_hostname,
|
||||||
|
permit
|
||||||
|
#smtpd_recipient_restrictions = permit_sasl_authenticated,
|
||||||
|
# permit_mynetworks,
|
||||||
|
# check_policy_service unix:postgrey/socket,
|
||||||
|
# reject_invalid_hostname,
|
||||||
|
# reject_non_fqdn_hostname,
|
||||||
|
# reject_unauth_destination,
|
||||||
|
# reject_rbl_client list.dsbl.org,
|
||||||
|
# reject_rbl_client sbl.spamhaus.org,
|
||||||
|
# reject_rbl_client cbl.abuseat.org,
|
||||||
|
# reject_rbl_client dul.dnsbl.sorbs.net,
|
||||||
|
# permit
|
||||||
|
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_invalid_hostname
|
||||||
|
smtpd_sasl_auth_enable = yes
|
||||||
|
smtpd_sasl_exceptions_networks = $mynetworks
|
||||||
|
smtpd_sasl_authenticated_header = yes
|
||||||
|
smtpd_sasl_path = private/auth
|
||||||
|
smtpd_sasl_type = dovecot
|
||||||
|
smtpd_soft_error_limit = 10
|
||||||
|
smtpd_tls_auth_only = no
|
||||||
|
smtpd_use_tls = yes
|
||||||
|
smtpd_tls_mandatory_protocols = TLSv1.2 TLSv1.1 TLSv1
|
||||||
|
smtpd_tls_protocols = TLSv1.2 TLSv1.1 TLSv1
|
||||||
|
smtp_tls_mandatory_protocols = TLSv1.2 TLSv1.1 TLSv1
|
||||||
|
smtp_tls_protocols = TLSv1.2 TLSv1.1 TLSv1
|
||||||
|
smtpd_tls_CAfile = /etc/postfix/example_com_ca.crt
|
||||||
|
smtpd_tls_cert_file = /etc/postfix/example_com.crt
|
||||||
|
smtpd_tls_key_file = /etc/postfix/example_com.key
|
||||||
|
smtpd_tls_loglevel = 2
|
||||||
|
smtpd_tls_received_header = yes
|
||||||
|
smtpd_tls_session_cache_timeout = 3600s
|
||||||
|
smtp_tls_security_level = may
|
||||||
|
smtpd_tls_security_level = may
|
||||||
|
smtpd_sasl_security_options = noanonymous
|
||||||
|
smtpd_sasl_tls_security_options = noanonymous
|
||||||
|
tls_random_source = dev:/dev/urandom
|
||||||
|
unknown_local_recipient_reject_code = 550
|
||||||
|
virtual_mailbox_base = /mailstore/vmail
|
||||||
|
virtual_mailbox_limit = 51200000
|
||||||
|
virtual_mailbox_domains =
|
||||||
|
proxy:mysql:/etc/postfix/sql/mysql_virtual_domain_maps.cf,
|
||||||
|
proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf
|
||||||
|
virtual_mailbox_maps =
|
||||||
|
proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf,
|
||||||
|
proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
|
||||||
|
virtual_alias_maps =
|
||||||
|
proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf,
|
||||||
|
proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf,
|
||||||
|
proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
|
||||||
|
relay_domains = proxy:mysql:/etc/postfix/sql/mysql_relay_domains_maps.cf
|
||||||
|
virtual_minimum_uid = 2000
|
||||||
|
virtual_transport = lmtp:unix:private/dovecot-lmtp
|
||||||
|
mailbox_transport = lmtp:unix:private/dovecot-lmtp
|
||||||
|
virtual_uid_maps = static:2000
|
||||||
|
virtual_gid_maps = static:12
|
||||||
|
virtual_maildir_limit_message = Sorry, Your maildir has overdrawn your diskspace quota, please free some space of your mailbox and try again.
|
||||||
|
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_limit_maps.cf
|
||||||
|
virtual_mailbox_limit_override = yes
|
||||||
|
virtual_overquota_bounce = yes
|
||||||
|
virtual_create_maildirsize = yes
|
||||||
|
virtual_mailbox_extended = yes
|
||||||
|
smptd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
|
||||||
|
smtpd_tls_note_starttls_offer = yes
|
||||||
|
smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
|
||||||
|
smtp_sasl_auth_enable = yes
|
||||||
|
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
|
||||||
|
header_checks = regexp:/etc/postfix/header_checks
|
||||||
|
relayhost =
|
||||||
|
smtp_tls_enforce_peername = no
|
||||||
|
enable_original_recipient = no
|
||||||
|
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unknown_sender_domain
|
||||||
|
smtpd_reject_unlisted_recipient = no
|
||||||
|
bounce_queue_lifetime = 1d
|
||||||
|
biff = no
|
||||||
|
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
||||||
|
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
||||||
|
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, permit
|
||||||
|
smtpd_data_restrictions = reject_unauth_pipelining
|
||||||
|
smtpd_sasl_local_domain = $mydomain
|
||||||
|
default_destination_rate_delay = 1s
|
||||||
|
smtp_tls_CAfile = /etc/postfix/example_com_ca.crt
|
||||||
|
smtp_tls_cert_file = /etc/postfix/example_com.crt
|
||||||
|
smtp_tls_key_file = /etc/postfix/example_com.key
|
||||||
|
smtp_tls_loglevel = 2
|
||||||
|
smtp_use_tls = yes
|
||||||
|
smtp_tls_note_starttls_offer = yes
|
||||||
|
smtp_sasl_security_options = noanonymous
|
||||||
|
smtp_sasl_tls_security_options = noanonymous
|
BIN
postfix/main.cf.db
Normal file
BIN
postfix/main.cf.db
Normal file
Binary file not shown.
679
postfix/main.cf_original
Normal file
679
postfix/main.cf_original
Normal file
|
@ -0,0 +1,679 @@
|
||||||
|
# Global Postfix configuration file. This file lists only a subset
|
||||||
|
# of all parameters. For the syntax, and for a complete parameter
|
||||||
|
# list, see the postconf(5) manual page (command: "man 5 postconf").
|
||||||
|
#
|
||||||
|
# For common configuration examples, see BASIC_CONFIGURATION_README
|
||||||
|
# and STANDARD_CONFIGURATION_README. To find these documents, use
|
||||||
|
# the command "postconf html_directory readme_directory", or go to
|
||||||
|
# http://www.postfix.org/.
|
||||||
|
#
|
||||||
|
# For best results, change no more than 2-3 parameters at a time,
|
||||||
|
# and test if Postfix still works after every change.
|
||||||
|
|
||||||
|
# SOFT BOUNCE
|
||||||
|
#
|
||||||
|
# The soft_bounce parameter provides a limited safety net for
|
||||||
|
# testing. When soft_bounce is enabled, mail will remain queued that
|
||||||
|
# would otherwise bounce. This parameter disables locally-generated
|
||||||
|
# bounces, and prevents the SMTP server from rejecting mail permanently
|
||||||
|
# (by changing 5xx replies into 4xx replies). However, soft_bounce
|
||||||
|
# is no cure for address rewriting mistakes or mail routing mistakes.
|
||||||
|
#
|
||||||
|
#soft_bounce = no
|
||||||
|
|
||||||
|
# LOCAL PATHNAME INFORMATION
|
||||||
|
#
|
||||||
|
# The queue_directory specifies the location of the Postfix queue.
|
||||||
|
# This is also the root directory of Postfix daemons that run chrooted.
|
||||||
|
# See the files in examples/chroot-setup for setting up Postfix chroot
|
||||||
|
# environments on different UNIX systems.
|
||||||
|
#
|
||||||
|
queue_directory = /var/spool/postfix
|
||||||
|
|
||||||
|
# The command_directory parameter specifies the location of all
|
||||||
|
# postXXX commands.
|
||||||
|
#
|
||||||
|
command_directory = /usr/sbin
|
||||||
|
|
||||||
|
# The daemon_directory parameter specifies the location of all Postfix
|
||||||
|
# daemon programs (i.e. programs listed in the master.cf file). This
|
||||||
|
# directory must be owned by root.
|
||||||
|
#
|
||||||
|
daemon_directory = /usr/libexec/postfix
|
||||||
|
|
||||||
|
# The data_directory parameter specifies the location of Postfix-writable
|
||||||
|
# data files (caches, random numbers). This directory must be owned
|
||||||
|
# by the mail_owner account (see below).
|
||||||
|
#
|
||||||
|
data_directory = /var/lib/postfix
|
||||||
|
|
||||||
|
# QUEUE AND PROCESS OWNERSHIP
|
||||||
|
#
|
||||||
|
# The mail_owner parameter specifies the owner of the Postfix queue
|
||||||
|
# and of most Postfix daemon processes. Specify the name of a user
|
||||||
|
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
|
||||||
|
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
|
||||||
|
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
|
||||||
|
# USER.
|
||||||
|
#
|
||||||
|
mail_owner = postfix
|
||||||
|
|
||||||
|
# The default_privs parameter specifies the default rights used by
|
||||||
|
# the local delivery agent for delivery to external file or command.
|
||||||
|
# These rights are used in the absence of a recipient user context.
|
||||||
|
# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
|
||||||
|
#
|
||||||
|
#default_privs = nobody
|
||||||
|
|
||||||
|
# INTERNET HOST AND DOMAIN NAMES
|
||||||
|
#
|
||||||
|
# The myhostname parameter specifies the internet hostname of this
|
||||||
|
# mail system. The default is to use the fully-qualified domain name
|
||||||
|
# from gethostname(). $myhostname is used as a default value for many
|
||||||
|
# other configuration parameters.
|
||||||
|
#
|
||||||
|
#myhostname = host.domain.tld
|
||||||
|
#myhostname = virtual.domain.tld
|
||||||
|
|
||||||
|
# The mydomain parameter specifies the local internet domain name.
|
||||||
|
# The default is to use $myhostname minus the first component.
|
||||||
|
# $mydomain is used as a default value for many other configuration
|
||||||
|
# parameters.
|
||||||
|
#
|
||||||
|
#mydomain = domain.tld
|
||||||
|
|
||||||
|
# SENDING MAIL
|
||||||
|
#
|
||||||
|
# The myorigin parameter specifies the domain that locally-posted
|
||||||
|
# mail appears to come from. The default is to append $myhostname,
|
||||||
|
# which is fine for small sites. If you run a domain with multiple
|
||||||
|
# machines, you should (1) change this to $mydomain and (2) set up
|
||||||
|
# a domain-wide alias database that aliases each user to
|
||||||
|
# user@that.users.mailhost.
|
||||||
|
#
|
||||||
|
# For the sake of consistency between sender and recipient addresses,
|
||||||
|
# myorigin also specifies the default domain name that is appended
|
||||||
|
# to recipient addresses that have no @domain part.
|
||||||
|
#
|
||||||
|
#myorigin = $myhostname
|
||||||
|
#myorigin = $mydomain
|
||||||
|
|
||||||
|
# RECEIVING MAIL
|
||||||
|
|
||||||
|
# The inet_interfaces parameter specifies the network interface
|
||||||
|
# addresses that this mail system receives mail on. By default,
|
||||||
|
# the software claims all active interfaces on the machine. The
|
||||||
|
# parameter also controls delivery of mail to user@[ip.address].
|
||||||
|
#
|
||||||
|
# See also the proxy_interfaces parameter, for network addresses that
|
||||||
|
# are forwarded to us via a proxy or network address translator.
|
||||||
|
#
|
||||||
|
# Note: you need to stop/start Postfix when this parameter changes.
|
||||||
|
#
|
||||||
|
#inet_interfaces = all
|
||||||
|
#inet_interfaces = $myhostname
|
||||||
|
#inet_interfaces = $myhostname, localhost
|
||||||
|
inet_interfaces = localhost
|
||||||
|
|
||||||
|
# Enable IPv4, and IPv6 if supported
|
||||||
|
inet_protocols = all
|
||||||
|
|
||||||
|
# The proxy_interfaces parameter specifies the network interface
|
||||||
|
# addresses that this mail system receives mail on by way of a
|
||||||
|
# proxy or network address translation unit. This setting extends
|
||||||
|
# the address list specified with the inet_interfaces parameter.
|
||||||
|
#
|
||||||
|
# You must specify your proxy/NAT addresses when your system is a
|
||||||
|
# backup MX host for other domains, otherwise mail delivery loops
|
||||||
|
# will happen when the primary MX host is down.
|
||||||
|
#
|
||||||
|
#proxy_interfaces =
|
||||||
|
#proxy_interfaces = 1.2.3.4
|
||||||
|
|
||||||
|
# The mydestination parameter specifies the list of domains that this
|
||||||
|
# machine considers itself the final destination for.
|
||||||
|
#
|
||||||
|
# These domains are routed to the delivery agent specified with the
|
||||||
|
# local_transport parameter setting. By default, that is the UNIX
|
||||||
|
# compatible delivery agent that lookups all recipients in /etc/passwd
|
||||||
|
# and /etc/aliases or their equivalent.
|
||||||
|
#
|
||||||
|
# The default is $myhostname + localhost.$mydomain. On a mail domain
|
||||||
|
# gateway, you should also include $mydomain.
|
||||||
|
#
|
||||||
|
# Do not specify the names of virtual domains - those domains are
|
||||||
|
# specified elsewhere (see VIRTUAL_README).
|
||||||
|
#
|
||||||
|
# Do not specify the names of domains that this machine is backup MX
|
||||||
|
# host for. Specify those names via the relay_domains settings for
|
||||||
|
# the SMTP server, or use permit_mx_backup if you are lazy (see
|
||||||
|
# STANDARD_CONFIGURATION_README).
|
||||||
|
#
|
||||||
|
# The local machine is always the final destination for mail addressed
|
||||||
|
# to user@[the.net.work.address] of an interface that the mail system
|
||||||
|
# receives mail on (see the inet_interfaces parameter).
|
||||||
|
#
|
||||||
|
# Specify a list of host or domain names, /file/name or type:table
|
||||||
|
# patterns, separated by commas and/or whitespace. A /file/name
|
||||||
|
# pattern is replaced by its contents; a type:table is matched when
|
||||||
|
# a name matches a lookup key (the right-hand side is ignored).
|
||||||
|
# Continue long lines by starting the next line with whitespace.
|
||||||
|
#
|
||||||
|
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
|
||||||
|
#
|
||||||
|
mydestination = $myhostname, localhost.$mydomain, localhost
|
||||||
|
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
|
||||||
|
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
|
||||||
|
# mail.$mydomain, www.$mydomain, ftp.$mydomain
|
||||||
|
|
||||||
|
# REJECTING MAIL FOR UNKNOWN LOCAL USERS
|
||||||
|
#
|
||||||
|
# The local_recipient_maps parameter specifies optional lookup tables
|
||||||
|
# with all names or addresses of users that are local with respect
|
||||||
|
# to $mydestination, $inet_interfaces or $proxy_interfaces.
|
||||||
|
#
|
||||||
|
# If this parameter is defined, then the SMTP server will reject
|
||||||
|
# mail for unknown local users. This parameter is defined by default.
|
||||||
|
#
|
||||||
|
# To turn off local recipient checking in the SMTP server, specify
|
||||||
|
# local_recipient_maps = (i.e. empty).
|
||||||
|
#
|
||||||
|
# The default setting assumes that you use the default Postfix local
|
||||||
|
# delivery agent for local delivery. You need to update the
|
||||||
|
# local_recipient_maps setting if:
|
||||||
|
#
|
||||||
|
# - You define $mydestination domain recipients in files other than
|
||||||
|
# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
|
||||||
|
# For example, you define $mydestination domain recipients in
|
||||||
|
# the $virtual_mailbox_maps files.
|
||||||
|
#
|
||||||
|
# - You redefine the local delivery agent in master.cf.
|
||||||
|
#
|
||||||
|
# - You redefine the "local_transport" setting in main.cf.
|
||||||
|
#
|
||||||
|
# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
|
||||||
|
# feature of the Postfix local delivery agent (see local(8)).
|
||||||
|
#
|
||||||
|
# Details are described in the LOCAL_RECIPIENT_README file.
|
||||||
|
#
|
||||||
|
# Beware: if the Postfix SMTP server runs chrooted, you probably have
|
||||||
|
# to access the passwd file via the proxymap service, in order to
|
||||||
|
# overcome chroot restrictions. The alternative, having a copy of
|
||||||
|
# the system passwd file in the chroot jail is just not practical.
|
||||||
|
#
|
||||||
|
# The right-hand side of the lookup tables is conveniently ignored.
|
||||||
|
# In the left-hand side, specify a bare username, an @domain.tld
|
||||||
|
# wild-card, or specify a user@domain.tld address.
|
||||||
|
#
|
||||||
|
#local_recipient_maps = unix:passwd.byname $alias_maps
|
||||||
|
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
|
||||||
|
#local_recipient_maps =
|
||||||
|
|
||||||
|
# The unknown_local_recipient_reject_code specifies the SMTP server
|
||||||
|
# response code when a recipient domain matches $mydestination or
|
||||||
|
# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
|
||||||
|
# and the recipient address or address local-part is not found.
|
||||||
|
#
|
||||||
|
# The default setting is 550 (reject mail) but it is safer to start
|
||||||
|
# with 450 (try again later) until you are certain that your
|
||||||
|
# local_recipient_maps settings are OK.
|
||||||
|
#
|
||||||
|
unknown_local_recipient_reject_code = 550
|
||||||
|
|
||||||
|
# TRUST AND RELAY CONTROL
|
||||||
|
|
||||||
|
# The mynetworks parameter specifies the list of "trusted" SMTP
|
||||||
|
# clients that have more privileges than "strangers".
|
||||||
|
#
|
||||||
|
# In particular, "trusted" SMTP clients are allowed to relay mail
|
||||||
|
# through Postfix. See the smtpd_recipient_restrictions parameter
|
||||||
|
# in postconf(5).
|
||||||
|
#
|
||||||
|
# You can specify the list of "trusted" network addresses by hand
|
||||||
|
# or you can let Postfix do it for you (which is the default).
|
||||||
|
#
|
||||||
|
# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
|
||||||
|
# clients in the same IP subnetworks as the local machine.
|
||||||
|
# On Linux, this does works correctly only with interfaces specified
|
||||||
|
# with the "ifconfig" command.
|
||||||
|
#
|
||||||
|
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
|
||||||
|
# clients in the same IP class A/B/C networks as the local machine.
|
||||||
|
# Don't do this with a dialup site - it would cause Postfix to "trust"
|
||||||
|
# your entire provider's network. Instead, specify an explicit
|
||||||
|
# mynetworks list by hand, as described below.
|
||||||
|
#
|
||||||
|
# Specify "mynetworks_style = host" when Postfix should "trust"
|
||||||
|
# only the local machine.
|
||||||
|
#
|
||||||
|
#mynetworks_style = class
|
||||||
|
#mynetworks_style = subnet
|
||||||
|
#mynetworks_style = host
|
||||||
|
|
||||||
|
# Alternatively, you can specify the mynetworks list by hand, in
|
||||||
|
# which case Postfix ignores the mynetworks_style setting.
|
||||||
|
#
|
||||||
|
# Specify an explicit list of network/netmask patterns, where the
|
||||||
|
# mask specifies the number of bits in the network part of a host
|
||||||
|
# address.
|
||||||
|
#
|
||||||
|
# You can also specify the absolute pathname of a pattern file instead
|
||||||
|
# of listing the patterns here. Specify type:table for table-based lookups
|
||||||
|
# (the value on the table right-hand side is not used).
|
||||||
|
#
|
||||||
|
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
|
||||||
|
#mynetworks = $config_directory/mynetworks
|
||||||
|
#mynetworks = hash:/etc/postfix/network_table
|
||||||
|
|
||||||
|
# The relay_domains parameter restricts what destinations this system will
|
||||||
|
# relay mail to. See the smtpd_recipient_restrictions description in
|
||||||
|
# postconf(5) for detailed information.
|
||||||
|
#
|
||||||
|
# By default, Postfix relays mail
|
||||||
|
# - from "trusted" clients (IP address matches $mynetworks) to any destination,
|
||||||
|
# - from "untrusted" clients to destinations that match $relay_domains or
|
||||||
|
# subdomains thereof, except addresses with sender-specified routing.
|
||||||
|
# The default relay_domains value is $mydestination.
|
||||||
|
#
|
||||||
|
# In addition to the above, the Postfix SMTP server by default accepts mail
|
||||||
|
# that Postfix is final destination for:
|
||||||
|
# - destinations that match $inet_interfaces or $proxy_interfaces,
|
||||||
|
# - destinations that match $mydestination
|
||||||
|
# - destinations that match $virtual_alias_domains,
|
||||||
|
# - destinations that match $virtual_mailbox_domains.
|
||||||
|
# These destinations do not need to be listed in $relay_domains.
|
||||||
|
#
|
||||||
|
# Specify a list of hosts or domains, /file/name patterns or type:name
|
||||||
|
# lookup tables, separated by commas and/or whitespace. Continue
|
||||||
|
# long lines by starting the next line with whitespace. A file name
|
||||||
|
# is replaced by its contents; a type:name table is matched when a
|
||||||
|
# (parent) domain appears as lookup key.
|
||||||
|
#
|
||||||
|
# NOTE: Postfix will not automatically forward mail for domains that
|
||||||
|
# list this system as their primary or backup MX host. See the
|
||||||
|
# permit_mx_backup restriction description in postconf(5).
|
||||||
|
#
|
||||||
|
#relay_domains = $mydestination
|
||||||
|
|
||||||
|
# INTERNET OR INTRANET
|
||||||
|
|
||||||
|
# The relayhost parameter specifies the default host to send mail to
|
||||||
|
# when no entry is matched in the optional transport(5) table. When
|
||||||
|
# no relayhost is given, mail is routed directly to the destination.
|
||||||
|
#
|
||||||
|
# On an intranet, specify the organizational domain name. If your
|
||||||
|
# internal DNS uses no MX records, specify the name of the intranet
|
||||||
|
# gateway host instead.
|
||||||
|
#
|
||||||
|
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
|
||||||
|
# [address] or [address]:port; the form [host] turns off MX lookups.
|
||||||
|
#
|
||||||
|
# If you're connected via UUCP, see also the default_transport parameter.
|
||||||
|
#
|
||||||
|
#relayhost = $mydomain
|
||||||
|
#relayhost = [gateway.my.domain]
|
||||||
|
#relayhost = [mailserver.isp.tld]
|
||||||
|
#relayhost = uucphost
|
||||||
|
#relayhost = [an.ip.add.ress]
|
||||||
|
|
||||||
|
# REJECTING UNKNOWN RELAY USERS
|
||||||
|
#
|
||||||
|
# The relay_recipient_maps parameter specifies optional lookup tables
|
||||||
|
# with all addresses in the domains that match $relay_domains.
|
||||||
|
#
|
||||||
|
# If this parameter is defined, then the SMTP server will reject
|
||||||
|
# mail for unknown relay users. This feature is off by default.
|
||||||
|
#
|
||||||
|
# The right-hand side of the lookup tables is conveniently ignored.
|
||||||
|
# In the left-hand side, specify an @domain.tld wild-card, or specify
|
||||||
|
# a user@domain.tld address.
|
||||||
|
#
|
||||||
|
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
|
||||||
|
|
||||||
|
# INPUT RATE CONTROL
|
||||||
|
#
|
||||||
|
# The in_flow_delay configuration parameter implements mail input
|
||||||
|
# flow control. This feature is turned on by default, although it
|
||||||
|
# still needs further development (it's disabled on SCO UNIX due
|
||||||
|
# to an SCO bug).
|
||||||
|
#
|
||||||
|
# A Postfix process will pause for $in_flow_delay seconds before
|
||||||
|
# accepting a new message, when the message arrival rate exceeds the
|
||||||
|
# message delivery rate. With the default 100 SMTP server process
|
||||||
|
# limit, this limits the mail inflow to 100 messages a second more
|
||||||
|
# than the number of messages delivered per second.
|
||||||
|
#
|
||||||
|
# Specify 0 to disable the feature. Valid delays are 0..10.
|
||||||
|
#
|
||||||
|
#in_flow_delay = 1s
|
||||||
|
|
||||||
|
# ADDRESS REWRITING
|
||||||
|
#
|
||||||
|
# The ADDRESS_REWRITING_README document gives information about
|
||||||
|
# address masquerading or other forms of address rewriting including
|
||||||
|
# username->Firstname.Lastname mapping.
|
||||||
|
|
||||||
|
# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
|
||||||
|
#
|
||||||
|
# The VIRTUAL_README document gives information about the many forms
|
||||||
|
# of domain hosting that Postfix supports.
|
||||||
|
|
||||||
|
# "USER HAS MOVED" BOUNCE MESSAGES
|
||||||
|
#
|
||||||
|
# See the discussion in the ADDRESS_REWRITING_README document.
|
||||||
|
|
||||||
|
# TRANSPORT MAP
|
||||||
|
#
|
||||||
|
# See the discussion in the ADDRESS_REWRITING_README document.
|
||||||
|
|
||||||
|
# ALIAS DATABASE
|
||||||
|
#
|
||||||
|
# The alias_maps parameter specifies the list of alias databases used
|
||||||
|
# by the local delivery agent. The default list is system dependent.
|
||||||
|
#
|
||||||
|
# On systems with NIS, the default is to search the local alias
|
||||||
|
# database, then the NIS alias database. See aliases(5) for syntax
|
||||||
|
# details.
|
||||||
|
#
|
||||||
|
# If you change the alias database, run "postalias /etc/aliases" (or
|
||||||
|
# wherever your system stores the mail alias file), or simply run
|
||||||
|
# "newaliases" to build the necessary DBM or DB file.
|
||||||
|
#
|
||||||
|
# It will take a minute or so before changes become visible. Use
|
||||||
|
# "postfix reload" to eliminate the delay.
|
||||||
|
#
|
||||||
|
#alias_maps = dbm:/etc/aliases
|
||||||
|
alias_maps = hash:/etc/aliases
|
||||||
|
#alias_maps = hash:/etc/aliases, nis:mail.aliases
|
||||||
|
#alias_maps = netinfo:/aliases
|
||||||
|
|
||||||
|
# The alias_database parameter specifies the alias database(s) that
|
||||||
|
# are built with "newaliases" or "sendmail -bi". This is a separate
|
||||||
|
# configuration parameter, because alias_maps (see above) may specify
|
||||||
|
# tables that are not necessarily all under control by Postfix.
|
||||||
|
#
|
||||||
|
#alias_database = dbm:/etc/aliases
|
||||||
|
#alias_database = dbm:/etc/mail/aliases
|
||||||
|
alias_database = hash:/etc/aliases
|
||||||
|
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
|
||||||
|
|
||||||
|
# ADDRESS EXTENSIONS (e.g., user+foo)
|
||||||
|
#
|
||||||
|
# The recipient_delimiter parameter specifies the separator between
|
||||||
|
# user names and address extensions (user+foo). See canonical(5),
|
||||||
|
# local(8), relocated(5) and virtual(5) for the effects this has on
|
||||||
|
# aliases, canonical, virtual, relocated and .forward file lookups.
|
||||||
|
# Basically, the software tries user+foo and .forward+foo before
|
||||||
|
# trying user and .forward.
|
||||||
|
#
|
||||||
|
#recipient_delimiter = +
|
||||||
|
|
||||||
|
# DELIVERY TO MAILBOX
|
||||||
|
#
|
||||||
|
# The home_mailbox parameter specifies the optional pathname of a
|
||||||
|
# mailbox file relative to a user's home directory. The default
|
||||||
|
# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
|
||||||
|
# "Maildir/" for qmail-style delivery (the / is required).
|
||||||
|
#
|
||||||
|
#home_mailbox = Mailbox
|
||||||
|
#home_mailbox = Maildir/
|
||||||
|
|
||||||
|
# The mail_spool_directory parameter specifies the directory where
|
||||||
|
# UNIX-style mailboxes are kept. The default setting depends on the
|
||||||
|
# system type.
|
||||||
|
#
|
||||||
|
#mail_spool_directory = /var/mail
|
||||||
|
#mail_spool_directory = /var/spool/mail
|
||||||
|
|
||||||
|
# The mailbox_command parameter specifies the optional external
|
||||||
|
# command to use instead of mailbox delivery. The command is run as
|
||||||
|
# the recipient with proper HOME, SHELL and LOGNAME environment settings.
|
||||||
|
# Exception: delivery for root is done as $default_user.
|
||||||
|
#
|
||||||
|
# Other environment variables of interest: USER (recipient username),
|
||||||
|
# EXTENSION (address extension), DOMAIN (domain part of address),
|
||||||
|
# and LOCAL (the address localpart).
|
||||||
|
#
|
||||||
|
# Unlike other Postfix configuration parameters, the mailbox_command
|
||||||
|
# parameter is not subjected to $parameter substitutions. This is to
|
||||||
|
# make it easier to specify shell syntax (see example below).
|
||||||
|
#
|
||||||
|
# Avoid shell meta characters because they will force Postfix to run
|
||||||
|
# an expensive shell process. Procmail alone is expensive enough.
|
||||||
|
#
|
||||||
|
# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
|
||||||
|
# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
|
||||||
|
#
|
||||||
|
#mailbox_command = /some/where/procmail
|
||||||
|
#mailbox_command = /some/where/procmail -a "$EXTENSION"
|
||||||
|
|
||||||
|
# The mailbox_transport specifies the optional transport in master.cf
|
||||||
|
# to use after processing aliases and .forward files. This parameter
|
||||||
|
# has precedence over the mailbox_command, fallback_transport and
|
||||||
|
# luser_relay parameters.
|
||||||
|
#
|
||||||
|
# Specify a string of the form transport:nexthop, where transport is
|
||||||
|
# the name of a mail delivery transport defined in master.cf. The
|
||||||
|
# :nexthop part is optional. For more details see the sample transport
|
||||||
|
# configuration file.
|
||||||
|
#
|
||||||
|
# NOTE: if you use this feature for accounts not in the UNIX password
|
||||||
|
# file, then you must update the "local_recipient_maps" setting in
|
||||||
|
# the main.cf file, otherwise the SMTP server will reject mail for
|
||||||
|
# non-UNIX accounts with "User unknown in local recipient table".
|
||||||
|
#
|
||||||
|
# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd"
|
||||||
|
# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
|
||||||
|
#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
|
||||||
|
|
||||||
|
# If using the cyrus-imapd IMAP server deliver local mail to the IMAP
|
||||||
|
# server using LMTP (Local Mail Transport Protocol), this is prefered
|
||||||
|
# over the older cyrus deliver program by setting the
|
||||||
|
# mailbox_transport as below:
|
||||||
|
#
|
||||||
|
# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
|
||||||
|
#
|
||||||
|
# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via
|
||||||
|
# these settings.
|
||||||
|
#
|
||||||
|
# local_destination_recipient_limit = 300
|
||||||
|
# local_destination_concurrency_limit = 5
|
||||||
|
#
|
||||||
|
# Of course you should adjust these settings as appropriate for the
|
||||||
|
# capacity of the hardware you are using. The recipient limit setting
|
||||||
|
# can be used to take advantage of the single instance message store
|
||||||
|
# capability of Cyrus. The concurrency limit can be used to control
|
||||||
|
# how many simultaneous LMTP sessions will be permitted to the Cyrus
|
||||||
|
# message store.
|
||||||
|
#
|
||||||
|
# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
|
||||||
|
# subsequent line in master.cf.
|
||||||
|
#mailbox_transport = cyrus
|
||||||
|
|
||||||
|
# The fallback_transport specifies the optional transport in master.cf
|
||||||
|
# to use for recipients that are not found in the UNIX passwd database.
|
||||||
|
# This parameter has precedence over the luser_relay parameter.
|
||||||
|
#
|
||||||
|
# Specify a string of the form transport:nexthop, where transport is
|
||||||
|
# the name of a mail delivery transport defined in master.cf. The
|
||||||
|
# :nexthop part is optional. For more details see the sample transport
|
||||||
|
# configuration file.
|
||||||
|
#
|
||||||
|
# NOTE: if you use this feature for accounts not in the UNIX password
|
||||||
|
# file, then you must update the "local_recipient_maps" setting in
|
||||||
|
# the main.cf file, otherwise the SMTP server will reject mail for
|
||||||
|
# non-UNIX accounts with "User unknown in local recipient table".
|
||||||
|
#
|
||||||
|
#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
|
||||||
|
#fallback_transport =
|
||||||
|
|
||||||
|
# The luser_relay parameter specifies an optional destination address
|
||||||
|
# for unknown recipients. By default, mail for unknown@$mydestination,
|
||||||
|
# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
|
||||||
|
# as undeliverable.
|
||||||
|
#
|
||||||
|
# The following expansions are done on luser_relay: $user (recipient
|
||||||
|
# username), $shell (recipient shell), $home (recipient home directory),
|
||||||
|
# $recipient (full recipient address), $extension (recipient address
|
||||||
|
# extension), $domain (recipient domain), $local (entire recipient
|
||||||
|
# localpart), $recipient_delimiter. Specify ${name?value} or
|
||||||
|
# ${name:value} to expand value only when $name does (does not) exist.
|
||||||
|
#
|
||||||
|
# luser_relay works only for the default Postfix local delivery agent.
|
||||||
|
#
|
||||||
|
# NOTE: if you use this feature for accounts not in the UNIX password
|
||||||
|
# file, then you must specify "local_recipient_maps =" (i.e. empty) in
|
||||||
|
# the main.cf file, otherwise the SMTP server will reject mail for
|
||||||
|
# non-UNIX accounts with "User unknown in local recipient table".
|
||||||
|
#
|
||||||
|
#luser_relay = $user@other.host
|
||||||
|
#luser_relay = $local@other.host
|
||||||
|
#luser_relay = admin+$local
|
||||||
|
|
||||||
|
# JUNK MAIL CONTROLS
|
||||||
|
#
|
||||||
|
# The controls listed here are only a very small subset. The file
|
||||||
|
# SMTPD_ACCESS_README provides an overview.
|
||||||
|
|
||||||
|
# The header_checks parameter specifies an optional table with patterns
|
||||||
|
# that each logical message header is matched against, including
|
||||||
|
# headers that span multiple physical lines.
|
||||||
|
#
|
||||||
|
# By default, these patterns also apply to MIME headers and to the
|
||||||
|
# headers of attached messages. With older Postfix versions, MIME and
|
||||||
|
# attached message headers were treated as body text.
|
||||||
|
#
|
||||||
|
# For details, see "man header_checks".
|
||||||
|
#
|
||||||
|
#header_checks = regexp:/etc/postfix/header_checks
|
||||||
|
|
||||||
|
# FAST ETRN SERVICE
|
||||||
|
#
|
||||||
|
# Postfix maintains per-destination logfiles with information about
|
||||||
|
# deferred mail, so that mail can be flushed quickly with the SMTP
|
||||||
|
# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
|
||||||
|
# See the ETRN_README document for a detailed description.
|
||||||
|
#
|
||||||
|
# The fast_flush_domains parameter controls what destinations are
|
||||||
|
# eligible for this service. By default, they are all domains that
|
||||||
|
# this server is willing to relay mail to.
|
||||||
|
#
|
||||||
|
#fast_flush_domains = $relay_domains
|
||||||
|
|
||||||
|
# SHOW SOFTWARE VERSION OR NOT
|
||||||
|
#
|
||||||
|
# The smtpd_banner parameter specifies the text that follows the 220
|
||||||
|
# code in the SMTP server's greeting banner. Some people like to see
|
||||||
|
# the mail version advertised. By default, Postfix shows no version.
|
||||||
|
#
|
||||||
|
# You MUST specify $myhostname at the start of the text. That is an
|
||||||
|
# RFC requirement. Postfix itself does not care.
|
||||||
|
#
|
||||||
|
#smtpd_banner = $myhostname ESMTP $mail_name
|
||||||
|
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
|
||||||
|
|
||||||
|
# PARALLEL DELIVERY TO THE SAME DESTINATION
|
||||||
|
#
|
||||||
|
# How many parallel deliveries to the same user or domain? With local
|
||||||
|
# delivery, it does not make sense to do massively parallel delivery
|
||||||
|
# to the same user, because mailbox updates must happen sequentially,
|
||||||
|
# and expensive pipelines in .forward files can cause disasters when
|
||||||
|
# too many are run at the same time. With SMTP deliveries, 10
|
||||||
|
# simultaneous connections to the same domain could be sufficient to
|
||||||
|
# raise eyebrows.
|
||||||
|
#
|
||||||
|
# Each message delivery transport has its XXX_destination_concurrency_limit
|
||||||
|
# parameter. The default is $default_destination_concurrency_limit for
|
||||||
|
# most delivery transports. For the local delivery agent the default is 2.
|
||||||
|
|
||||||
|
#local_destination_concurrency_limit = 2
|
||||||
|
#default_destination_concurrency_limit = 20
|
||||||
|
|
||||||
|
# DEBUGGING CONTROL
|
||||||
|
#
|
||||||
|
# The debug_peer_level parameter specifies the increment in verbose
|
||||||
|
# logging level when an SMTP client or server host name or address
|
||||||
|
# matches a pattern in the debug_peer_list parameter.
|
||||||
|
#
|
||||||
|
debug_peer_level = 2
|
||||||
|
|
||||||
|
# The debug_peer_list parameter specifies an optional list of domain
|
||||||
|
# or network patterns, /file/name patterns or type:name tables. When
|
||||||
|
# an SMTP client or server host name or address matches a pattern,
|
||||||
|
# increase the verbose logging level by the amount specified in the
|
||||||
|
# debug_peer_level parameter.
|
||||||
|
#
|
||||||
|
#debug_peer_list = 127.0.0.1
|
||||||
|
#debug_peer_list = some.domain
|
||||||
|
|
||||||
|
# The debugger_command specifies the external command that is executed
|
||||||
|
# when a Postfix daemon program is run with the -D option.
|
||||||
|
#
|
||||||
|
# Use "command .. & sleep 5" so that the debugger can attach before
|
||||||
|
# the process marches on. If you use an X-based debugger, be sure to
|
||||||
|
# set up your XAUTHORITY environment variable before starting Postfix.
|
||||||
|
#
|
||||||
|
debugger_command =
|
||||||
|
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
|
||||||
|
ddd $daemon_directory/$process_name $process_id & sleep 5
|
||||||
|
|
||||||
|
# If you can't use X, use this to capture the call stack when a
|
||||||
|
# daemon crashes. The result is in a file in the configuration
|
||||||
|
# directory, and is named after the process name and the process ID.
|
||||||
|
#
|
||||||
|
# debugger_command =
|
||||||
|
# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
|
||||||
|
# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
|
||||||
|
# >$config_directory/$process_name.$process_id.log & sleep 5
|
||||||
|
#
|
||||||
|
# Another possibility is to run gdb under a detached screen session.
|
||||||
|
# To attach to the screen sesssion, su root and run "screen -r
|
||||||
|
# <id_string>" where <id_string> uniquely matches one of the detached
|
||||||
|
# sessions (from "screen -list").
|
||||||
|
#
|
||||||
|
# debugger_command =
|
||||||
|
# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
|
||||||
|
# -dmS $process_name gdb $daemon_directory/$process_name
|
||||||
|
# $process_id & sleep 1
|
||||||
|
|
||||||
|
# INSTALL-TIME CONFIGURATION INFORMATION
|
||||||
|
#
|
||||||
|
# The following parameters are used when installing a new Postfix version.
|
||||||
|
#
|
||||||
|
# sendmail_path: The full pathname of the Postfix sendmail command.
|
||||||
|
# This is the Sendmail-compatible mail posting interface.
|
||||||
|
#
|
||||||
|
sendmail_path = /usr/sbin/sendmail.postfix
|
||||||
|
|
||||||
|
# newaliases_path: The full pathname of the Postfix newaliases command.
|
||||||
|
# This is the Sendmail-compatible command to build alias databases.
|
||||||
|
#
|
||||||
|
newaliases_path = /usr/bin/newaliases.postfix
|
||||||
|
|
||||||
|
# mailq_path: The full pathname of the Postfix mailq command. This
|
||||||
|
# is the Sendmail-compatible mail queue listing command.
|
||||||
|
#
|
||||||
|
mailq_path = /usr/bin/mailq.postfix
|
||||||
|
|
||||||
|
# setgid_group: The group for mail submission and queue management
|
||||||
|
# commands. This must be a group name with a numerical group ID that
|
||||||
|
# is not shared with other accounts, not even with the Postfix account.
|
||||||
|
#
|
||||||
|
setgid_group = postdrop
|
||||||
|
|
||||||
|
# html_directory: The location of the Postfix HTML documentation.
|
||||||
|
#
|
||||||
|
html_directory = no
|
||||||
|
|
||||||
|
# manpage_directory: The location of the Postfix on-line manual pages.
|
||||||
|
#
|
||||||
|
manpage_directory = /usr/share/man
|
||||||
|
|
||||||
|
# sample_directory: The location of the Postfix sample configuration files.
|
||||||
|
# This parameter is obsolete as of Postfix 2.1.
|
||||||
|
#
|
||||||
|
sample_directory = /usr/share/doc/postfix-2.10.1/samples
|
||||||
|
|
||||||
|
# readme_directory: The location of the Postfix README files.
|
||||||
|
#
|
||||||
|
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
|
138
postfix/master.cf
Normal file
138
postfix/master.cf
Normal file
|
@ -0,0 +1,138 @@
|
||||||
|
#
|
||||||
|
# Postfix master process configuration file. For details on the format
|
||||||
|
# of the file, see the master(5) manual page (command: "man 5 master").
|
||||||
|
#
|
||||||
|
# Do not forget to execute "postfix reload" after editing this file.
|
||||||
|
#
|
||||||
|
# ==========================================================================
|
||||||
|
# service type private unpriv chroot wakeup maxproc command + args
|
||||||
|
# (yes) (yes) (yes) (never) (100)
|
||||||
|
# ==========================================================================
|
||||||
|
smtp inet n - n - - smtpd -o content_filter=spamassassin
|
||||||
|
#smtp inet n - n - 1 postscreen
|
||||||
|
#smtpd pass - - n - - smtpd
|
||||||
|
#dnsblog unix - - n - 0 dnsblog
|
||||||
|
#tlsproxy unix - - n - 0 tlsproxy
|
||||||
|
submission inet n - n - - smtpd
|
||||||
|
-o syslog_name=postfix/submission
|
||||||
|
-o smtpd_tls_wrappermode=no
|
||||||
|
-o smtpd_tls_security_level=may
|
||||||
|
-o smtpd_sasl_auth_enable=yes
|
||||||
|
-o smtpd_sasl_type=dovecot
|
||||||
|
-o smtpd_sasl_path=private/auth
|
||||||
|
# -o smtpd_sasl_security_options=noanonymous
|
||||||
|
# -o smtpd_sasl_local_domain=$myhostname
|
||||||
|
# -o smtpd_reject_unlisted_recipient=no
|
||||||
|
# -o smtpd_client_restrictions=$mua_client_restrictions
|
||||||
|
# -o smtpd_helo_restrictions=$mua_helo_restrictions
|
||||||
|
# -o smtpd_sender_restrictions=$mua_sender_restrictions
|
||||||
|
-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated
|
||||||
|
-o milter_macro_daemon_name=ORIGINATING
|
||||||
|
smtps inet n - n - - smtpd
|
||||||
|
-o syslog_name=postfix/smtps
|
||||||
|
-o smtpd_tls_wrappermode=yes
|
||||||
|
-o smtpd_tls_security_level=may
|
||||||
|
-o smtpd_sasl_auth_enable=yes
|
||||||
|
-o smtpd_sasl_type=dovecot
|
||||||
|
-o smtpd_sasl_path=private/auth
|
||||||
|
# -o smtpd_reject_unlisted_recipient=no
|
||||||
|
# -o smtpd_client_restrictions=$mua_client_restrictions
|
||||||
|
# -o smtpd_helo_restrictions=$mua_helo_restrictions
|
||||||
|
# -o smtpd_sender_restrictions=$mua_sender_restrictions
|
||||||
|
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
|
||||||
|
# -o milter_macro_daemon_name=ORIGINATING
|
||||||
|
-o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
|
||||||
|
# -o milter_macro_daemon_name=ORIGINATING
|
||||||
|
#628 inet n - n - - qmqpd
|
||||||
|
pickup unix n - n 60 1 pickup
|
||||||
|
cleanup unix n - n - 0 cleanup
|
||||||
|
qmgr unix n - n 300 1 qmgr
|
||||||
|
#qmgr unix n - n 300 1 oqmgr
|
||||||
|
tlsmgr unix - - n 1000? 1 tlsmgr
|
||||||
|
rewrite unix - - n - - trivial-rewrite
|
||||||
|
bounce unix - - n - 0 bounce
|
||||||
|
defer unix - - n - 0 bounce
|
||||||
|
trace unix - - n - 0 bounce
|
||||||
|
verify unix - - n - 1 verify
|
||||||
|
flush unix n - n 1000? 0 flush
|
||||||
|
proxymap unix - - n - - proxymap
|
||||||
|
proxywrite unix - - n - 1 proxymap
|
||||||
|
smtp unix - - n - - smtp
|
||||||
|
relay unix - - n - - smtp
|
||||||
|
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
|
||||||
|
showq unix n - n - - showq
|
||||||
|
error unix - - n - - error
|
||||||
|
retry unix - - n - - error
|
||||||
|
discard unix - - n - - discard
|
||||||
|
local unix - n n - - local
|
||||||
|
virtual unix - n n - - virtual
|
||||||
|
lmtp unix - - n - - lmtp
|
||||||
|
anvil unix - - n - 1 anvil
|
||||||
|
scache unix - - n - 1 scache
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
# Interfaces to non-Postfix software. Be sure to examine the manual
|
||||||
|
# pages of the non-Postfix software to find out what options it wants.
|
||||||
|
#
|
||||||
|
# Many of the following services use the Postfix pipe(8) delivery
|
||||||
|
# agent. See the pipe(8) man page for information about ${recipient}
|
||||||
|
# and other message envelope options.
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# maildrop. See the Postfix MAILDROP_README file for details.
|
||||||
|
# Also specify in main.cf: maildrop_destination_recipient_limit=1
|
||||||
|
#
|
||||||
|
#maildrop unix - n n - - pipe
|
||||||
|
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
|
||||||
|
#
|
||||||
|
# Specify in cyrus.conf:
|
||||||
|
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
|
||||||
|
#
|
||||||
|
# Specify in main.cf one or more of the following:
|
||||||
|
# mailbox_transport = lmtp:inet:localhost
|
||||||
|
# virtual_transport = lmtp:inet:localhost
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# Cyrus 2.1.5 (Amos Gouaux)
|
||||||
|
# Also specify in main.cf: cyrus_destination_recipient_limit=1
|
||||||
|
#
|
||||||
|
#cyrus unix - n n - - pipe
|
||||||
|
# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# Old example of delivery via Cyrus.
|
||||||
|
#
|
||||||
|
#old-cyrus unix - n n - - pipe
|
||||||
|
# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# See the Postfix UUCP_README file for configuration details.
|
||||||
|
#
|
||||||
|
#uucp unix - n n - - pipe
|
||||||
|
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# Other external delivery methods.
|
||||||
|
#
|
||||||
|
#ifmail unix - n n - - pipe
|
||||||
|
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
|
||||||
|
#
|
||||||
|
#bsmtp unix - n n - - pipe
|
||||||
|
# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
|
||||||
|
#
|
||||||
|
#scalemail-backend unix - n n - 2 pipe
|
||||||
|
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
|
||||||
|
# ${nexthop} ${user} ${extension}
|
||||||
|
#
|
||||||
|
#mailman unix - n n - - pipe
|
||||||
|
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
|
||||||
|
# ${nexthop} ${user}
|
||||||
|
spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
|
BIN
postfix/master.cf.db
Normal file
BIN
postfix/master.cf.db
Normal file
Binary file not shown.
137
postfix/master.cf_6APR2021
Normal file
137
postfix/master.cf_6APR2021
Normal file
|
@ -0,0 +1,137 @@
|
||||||
|
#
|
||||||
|
# Postfix master process configuration file. For details on the format
|
||||||
|
# of the file, see the master(5) manual page (command: "man 5 master").
|
||||||
|
#
|
||||||
|
# Do not forget to execute "postfix reload" after editing this file.
|
||||||
|
#
|
||||||
|
# ==========================================================================
|
||||||
|
# service type private unpriv chroot wakeup maxproc command + args
|
||||||
|
# (yes) (yes) (yes) (never) (100)
|
||||||
|
# ==========================================================================
|
||||||
|
smtp inet n - n - - smtpd
|
||||||
|
#smtp inet n - n - 1 postscreen
|
||||||
|
#smtpd pass - - n - - smtpd
|
||||||
|
#dnsblog unix - - n - 0 dnsblog
|
||||||
|
#tlsproxy unix - - n - 0 tlsproxy
|
||||||
|
submission inet n - n - - smtpd
|
||||||
|
-o syslog_name=postfix/submission
|
||||||
|
-o smtpd_tls_wrappermode=no
|
||||||
|
-o smtpd_tls_security_level=may
|
||||||
|
-o smtpd_sasl_auth_enable=yes
|
||||||
|
-o smtpd_sasl_type=dovecot
|
||||||
|
-o smtpd_sasl_path=private/auth
|
||||||
|
# -o smtpd_sasl_security_options=noanonymous
|
||||||
|
# -o smtpd_sasl_local_domain=$myhostname
|
||||||
|
# -o smtpd_reject_unlisted_recipient=no
|
||||||
|
# -o smtpd_client_restrictions=$mua_client_restrictions
|
||||||
|
# -o smtpd_helo_restrictions=$mua_helo_restrictions
|
||||||
|
# -o smtpd_sender_restrictions=$mua_sender_restrictions
|
||||||
|
-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated
|
||||||
|
-o milter_macro_daemon_name=ORIGINATING
|
||||||
|
smtps inet n - n - - smtpd
|
||||||
|
-o syslog_name=postfix/smtps
|
||||||
|
-o smtpd_tls_wrappermode=yes
|
||||||
|
-o smtpd_tls_security_level=may
|
||||||
|
-o smtpd_sasl_auth_enable=yes
|
||||||
|
-o smtpd_sasl_type=dovecot
|
||||||
|
-o smtpd_sasl_path=private/auth
|
||||||
|
# -o smtpd_reject_unlisted_recipient=no
|
||||||
|
# -o smtpd_client_restrictions=$mua_client_restrictions
|
||||||
|
# -o smtpd_helo_restrictions=$mua_helo_restrictions
|
||||||
|
# -o smtpd_sender_restrictions=$mua_sender_restrictions
|
||||||
|
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
|
||||||
|
# -o milter_macro_daemon_name=ORIGINATING
|
||||||
|
-o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
|
||||||
|
# -o milter_macro_daemon_name=ORIGINATING
|
||||||
|
#628 inet n - n - - qmqpd
|
||||||
|
pickup unix n - n 60 1 pickup
|
||||||
|
cleanup unix n - n - 0 cleanup
|
||||||
|
qmgr unix n - n 300 1 qmgr
|
||||||
|
#qmgr unix n - n 300 1 oqmgr
|
||||||
|
tlsmgr unix - - n 1000? 1 tlsmgr
|
||||||
|
rewrite unix - - n - - trivial-rewrite
|
||||||
|
bounce unix - - n - 0 bounce
|
||||||
|
defer unix - - n - 0 bounce
|
||||||
|
trace unix - - n - 0 bounce
|
||||||
|
verify unix - - n - 1 verify
|
||||||
|
flush unix n - n 1000? 0 flush
|
||||||
|
proxymap unix - - n - - proxymap
|
||||||
|
proxywrite unix - - n - 1 proxymap
|
||||||
|
smtp unix - - n - - smtp
|
||||||
|
relay unix - - n - - smtp
|
||||||
|
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
|
||||||
|
showq unix n - n - - showq
|
||||||
|
error unix - - n - - error
|
||||||
|
retry unix - - n - - error
|
||||||
|
discard unix - - n - - discard
|
||||||
|
local unix - n n - - local
|
||||||
|
virtual unix - n n - - virtual
|
||||||
|
lmtp unix - - n - - lmtp
|
||||||
|
anvil unix - - n - 1 anvil
|
||||||
|
scache unix - - n - 1 scache
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
# Interfaces to non-Postfix software. Be sure to examine the manual
|
||||||
|
# pages of the non-Postfix software to find out what options it wants.
|
||||||
|
#
|
||||||
|
# Many of the following services use the Postfix pipe(8) delivery
|
||||||
|
# agent. See the pipe(8) man page for information about ${recipient}
|
||||||
|
# and other message envelope options.
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# maildrop. See the Postfix MAILDROP_README file for details.
|
||||||
|
# Also specify in main.cf: maildrop_destination_recipient_limit=1
|
||||||
|
#
|
||||||
|
#maildrop unix - n n - - pipe
|
||||||
|
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
|
||||||
|
#
|
||||||
|
# Specify in cyrus.conf:
|
||||||
|
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
|
||||||
|
#
|
||||||
|
# Specify in main.cf one or more of the following:
|
||||||
|
# mailbox_transport = lmtp:inet:localhost
|
||||||
|
# virtual_transport = lmtp:inet:localhost
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# Cyrus 2.1.5 (Amos Gouaux)
|
||||||
|
# Also specify in main.cf: cyrus_destination_recipient_limit=1
|
||||||
|
#
|
||||||
|
#cyrus unix - n n - - pipe
|
||||||
|
# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# Old example of delivery via Cyrus.
|
||||||
|
#
|
||||||
|
#old-cyrus unix - n n - - pipe
|
||||||
|
# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# See the Postfix UUCP_README file for configuration details.
|
||||||
|
#
|
||||||
|
#uucp unix - n n - - pipe
|
||||||
|
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# Other external delivery methods.
|
||||||
|
#
|
||||||
|
#ifmail unix - n n - - pipe
|
||||||
|
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
|
||||||
|
#
|
||||||
|
#bsmtp unix - n n - - pipe
|
||||||
|
# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
|
||||||
|
#
|
||||||
|
#scalemail-backend unix - n n - 2 pipe
|
||||||
|
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
|
||||||
|
# ${nexthop} ${user} ${extension}
|
||||||
|
#
|
||||||
|
#mailman unix - n n - - pipe
|
||||||
|
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
|
||||||
|
# ${nexthop} ${user}
|
127
postfix/master.cf_original
Normal file
127
postfix/master.cf_original
Normal file
|
@ -0,0 +1,127 @@
|
||||||
|
#
|
||||||
|
# Postfix master process configuration file. For details on the format
|
||||||
|
# of the file, see the master(5) manual page (command: "man 5 master").
|
||||||
|
#
|
||||||
|
# Do not forget to execute "postfix reload" after editing this file.
|
||||||
|
#
|
||||||
|
# ==========================================================================
|
||||||
|
# service type private unpriv chroot wakeup maxproc command + args
|
||||||
|
# (yes) (yes) (yes) (never) (100)
|
||||||
|
# ==========================================================================
|
||||||
|
smtp inet n - n - - smtpd
|
||||||
|
#smtp inet n - n - 1 postscreen
|
||||||
|
#smtpd pass - - n - - smtpd
|
||||||
|
#dnsblog unix - - n - 0 dnsblog
|
||||||
|
#tlsproxy unix - - n - 0 tlsproxy
|
||||||
|
#submission inet n - n - - smtpd
|
||||||
|
# -o syslog_name=postfix/submission
|
||||||
|
# -o smtpd_tls_security_level=encrypt
|
||||||
|
# -o smtpd_sasl_auth_enable=yes
|
||||||
|
# -o smtpd_reject_unlisted_recipient=no
|
||||||
|
# -o smtpd_client_restrictions=$mua_client_restrictions
|
||||||
|
# -o smtpd_helo_restrictions=$mua_helo_restrictions
|
||||||
|
# -o smtpd_sender_restrictions=$mua_sender_restrictions
|
||||||
|
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
|
||||||
|
# -o milter_macro_daemon_name=ORIGINATING
|
||||||
|
#smtps inet n - n - - smtpd
|
||||||
|
# -o syslog_name=postfix/smtps
|
||||||
|
# -o smtpd_tls_wrappermode=yes
|
||||||
|
# -o smtpd_sasl_auth_enable=yes
|
||||||
|
# -o smtpd_reject_unlisted_recipient=no
|
||||||
|
# -o smtpd_client_restrictions=$mua_client_restrictions
|
||||||
|
# -o smtpd_helo_restrictions=$mua_helo_restrictions
|
||||||
|
# -o smtpd_sender_restrictions=$mua_sender_restrictions
|
||||||
|
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
|
||||||
|
# -o milter_macro_daemon_name=ORIGINATING
|
||||||
|
#628 inet n - n - - qmqpd
|
||||||
|
pickup unix n - n 60 1 pickup
|
||||||
|
cleanup unix n - n - 0 cleanup
|
||||||
|
qmgr unix n - n 300 1 qmgr
|
||||||
|
#qmgr unix n - n 300 1 oqmgr
|
||||||
|
tlsmgr unix - - n 1000? 1 tlsmgr
|
||||||
|
rewrite unix - - n - - trivial-rewrite
|
||||||
|
bounce unix - - n - 0 bounce
|
||||||
|
defer unix - - n - 0 bounce
|
||||||
|
trace unix - - n - 0 bounce
|
||||||
|
verify unix - - n - 1 verify
|
||||||
|
flush unix n - n 1000? 0 flush
|
||||||
|
proxymap unix - - n - - proxymap
|
||||||
|
proxywrite unix - - n - 1 proxymap
|
||||||
|
smtp unix - - n - - smtp
|
||||||
|
relay unix - - n - - smtp
|
||||||
|
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
|
||||||
|
showq unix n - n - - showq
|
||||||
|
error unix - - n - - error
|
||||||
|
retry unix - - n - - error
|
||||||
|
discard unix - - n - - discard
|
||||||
|
local unix - n n - - local
|
||||||
|
virtual unix - n n - - virtual
|
||||||
|
lmtp unix - - n - - lmtp
|
||||||
|
anvil unix - - n - 1 anvil
|
||||||
|
scache unix - - n - 1 scache
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
# Interfaces to non-Postfix software. Be sure to examine the manual
|
||||||
|
# pages of the non-Postfix software to find out what options it wants.
|
||||||
|
#
|
||||||
|
# Many of the following services use the Postfix pipe(8) delivery
|
||||||
|
# agent. See the pipe(8) man page for information about ${recipient}
|
||||||
|
# and other message envelope options.
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# maildrop. See the Postfix MAILDROP_README file for details.
|
||||||
|
# Also specify in main.cf: maildrop_destination_recipient_limit=1
|
||||||
|
#
|
||||||
|
#maildrop unix - n n - - pipe
|
||||||
|
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
|
||||||
|
#
|
||||||
|
# Specify in cyrus.conf:
|
||||||
|
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
|
||||||
|
#
|
||||||
|
# Specify in main.cf one or more of the following:
|
||||||
|
# mailbox_transport = lmtp:inet:localhost
|
||||||
|
# virtual_transport = lmtp:inet:localhost
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# Cyrus 2.1.5 (Amos Gouaux)
|
||||||
|
# Also specify in main.cf: cyrus_destination_recipient_limit=1
|
||||||
|
#
|
||||||
|
#cyrus unix - n n - - pipe
|
||||||
|
# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# Old example of delivery via Cyrus.
|
||||||
|
#
|
||||||
|
#old-cyrus unix - n n - - pipe
|
||||||
|
# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# See the Postfix UUCP_README file for configuration details.
|
||||||
|
#
|
||||||
|
#uucp unix - n n - - pipe
|
||||||
|
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# Other external delivery methods.
|
||||||
|
#
|
||||||
|
#ifmail unix - n n - - pipe
|
||||||
|
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
|
||||||
|
#
|
||||||
|
#bsmtp unix - n n - - pipe
|
||||||
|
# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
|
||||||
|
#
|
||||||
|
#scalemail-backend unix - n n - 2 pipe
|
||||||
|
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
|
||||||
|
# ${nexthop} ${user} ${extension}
|
||||||
|
#
|
||||||
|
#mailman unix - n n - - pipe
|
||||||
|
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
|
||||||
|
# ${nexthop} ${user}
|
220
postfix/postgrey_whitelist_clients
Normal file
220
postfix/postgrey_whitelist_clients
Normal file
|
@ -0,0 +1,220 @@
|
||||||
|
# postgrey whitelist for mail client hostnames
|
||||||
|
# --------------------------------------------
|
||||||
|
# put this file in /etc/postfix or specify its path
|
||||||
|
# with --whitelist-clients=xxx
|
||||||
|
#
|
||||||
|
# postgrey version: 1.34, build date: 2011-05-04
|
||||||
|
|
||||||
|
# greylisting.org: Southwest Airlines (unique sender, no retry)
|
||||||
|
southwest.com
|
||||||
|
# greylisting.org: isp.belgacom.be (wierd retry pattern)
|
||||||
|
isp.belgacom.be
|
||||||
|
# greylisting.org: Ameritrade (no retry)
|
||||||
|
ameritradeinfo.com
|
||||||
|
# greylisting.org: Amazon.com (unique sender with letters)
|
||||||
|
amazon.com
|
||||||
|
# 2004-05-20: Linux kernel mailing-list (unique sender with letters)
|
||||||
|
vger.kernel.org
|
||||||
|
# 2004-06-02: karger.ch, no retry
|
||||||
|
karger.ch
|
||||||
|
# 2004-06-02: lilys.ch, (slow: 4 hours)
|
||||||
|
server-x001.hostpoint.ch
|
||||||
|
# 2004-06-09: roche.com (no retry)
|
||||||
|
gw.bas.roche.com
|
||||||
|
# 2004-06-09: newsletter (no retry)
|
||||||
|
mail.hhlaw.com
|
||||||
|
# 2004-06-09: no retry (reported by Ralph Hildebrandt)
|
||||||
|
prd051.appliedbiosystems.com
|
||||||
|
# 2004-06-17: swissre.com (no retry)
|
||||||
|
swissre.com
|
||||||
|
# 2004-06-17: dowjones.com newsletter (unique sender with letters)
|
||||||
|
returns.dowjones.com
|
||||||
|
# 2004-06-18: switch.ch (works but personnel is confused by the error)
|
||||||
|
domin.switch.ch
|
||||||
|
# 2004-06-23: accor-hotels.com (slow: 6 hours)
|
||||||
|
accor-hotels.com
|
||||||
|
# 2004-06-29: rr.com (no retry, reported by Duncan Hill)
|
||||||
|
/^ms-smtp.*\.rr\.com$/
|
||||||
|
# 2004-06-29: cox.net (no retry, reported by Duncan Hill)
|
||||||
|
/^lake.*mta.*\.cox\.net$/
|
||||||
|
# 2004-06-29: motorola.com (no retry)
|
||||||
|
mot.com
|
||||||
|
# 2004-07-01: nic.fr (address verification, reported by Arnaud Launay)
|
||||||
|
nic.fr
|
||||||
|
# 2004-07-01: verizon.net (address verification, reported by Bill Moran and Eric, adapted by Adam C. Mathews)
|
||||||
|
/^s[cv]\d+pub\.verizon\.net$/
|
||||||
|
# 2004-07-02: cs.columbia.edu (no retry)
|
||||||
|
cs.columbia.edu
|
||||||
|
# 2004-07-02: papersinvited.com (no retry)
|
||||||
|
66.216.126.174
|
||||||
|
# 2004-07-02: telekom.de (slow: 6 hours)
|
||||||
|
/^mail\d+\.telekom\.de$/
|
||||||
|
# 2004-07-04: tiscali.dk (slow: 12 hours, reported by Klaus Alexander Seistrup)
|
||||||
|
/^smtp\d+\.tiscali\.dk$/
|
||||||
|
# 2004-07-04: freshmeat.net (address verification)
|
||||||
|
freshmeat.net
|
||||||
|
# 2004-07-11: zd-swx.com (unique sender with letters, reported by Bill Landry)
|
||||||
|
zd-swx.com
|
||||||
|
# 2004-07-11: lockergnome.wc09.net (unique sender with letters, reported by Bill Landry)
|
||||||
|
lockergnome.wc09.net
|
||||||
|
# 2004-07-19: mxlogic.net (no retry, reported by Eric)
|
||||||
|
p01m168.mxlogic.net
|
||||||
|
p02m169.mxlogic.net
|
||||||
|
# 2004-09-08: intel.com (pool on different subnets)
|
||||||
|
/^fmr\d+\.intel\.com$/
|
||||||
|
# 2004-09-17: cox-internet.com (no retry, reported by Rod Roark)
|
||||||
|
/^fe\d+\.cox-internet\.com$/
|
||||||
|
# 2004-10-11: logismata.ch (no retry)
|
||||||
|
logismata.ch
|
||||||
|
# 2004-11-25: brief.cw.reum.de (no retry, reported by Manuel Oetiker)
|
||||||
|
brief.cw.reum.de
|
||||||
|
# 2004-12-03: ingeno.ch (no retry)
|
||||||
|
qmail.ingeno.ch
|
||||||
|
# 2004-12-06: rein.ch (no retry)
|
||||||
|
mail1.thurweb.ch
|
||||||
|
# 2005-01-26: tu-ilmenau.de (no retry)
|
||||||
|
piggy.rz.tu-ilmenau.de
|
||||||
|
# 2005-04-06: polymed.ch (no retry)
|
||||||
|
mail.polymed.ch
|
||||||
|
# 2005-06-08: hu-berlin.de (slow: 6 hours, reported by Joachim Schoenberg)
|
||||||
|
rz.hu-berlin.de
|
||||||
|
# 2005-06-17: gmail.com (big pool, reported by Beat Mueller)
|
||||||
|
proxy.gmail.com
|
||||||
|
# 2005-06-23: cacert.org (address verification, reported by Martin Lohmeier)
|
||||||
|
cacert.org
|
||||||
|
# 2005-07-27: polytech.univ-mrs.fr (no retry, reported by Giovanni Mandorino)
|
||||||
|
polytech.univ-mrs.fr
|
||||||
|
# 2005-08-05: gnu.org (address verification, reported by Martin Lohmeier)
|
||||||
|
gnu.org
|
||||||
|
# 2005-08-17: ciphirelabs.com (needs fast responses, reported by Sven Mueller)
|
||||||
|
cs.ciphire.net
|
||||||
|
# 2005-11-11: lufthansa (no retry, reported by Peter Bieringer)
|
||||||
|
/^gateway\d+\.np4\.de$/
|
||||||
|
# 2005-11-23: arcor-online.net (slow: 12 hours, reported by Bernd Zeimetz)
|
||||||
|
/^mail-in-\d+\.arcor-online\.net$/
|
||||||
|
# 2005-12-29: netsolmail.com (no retry, reported by Gareth Greenaway)
|
||||||
|
netsolmail.com
|
||||||
|
# mail.likopris.si (no retry, reported by Vito Robar)
|
||||||
|
193.77.153.67
|
||||||
|
# jcsw.nato.int (several servers, no retry, reported by Vito Robar)
|
||||||
|
195.235.39
|
||||||
|
# tesla.vtszg.hr (no retry, reported by Vito Robar)
|
||||||
|
tesla.vtszg.hr
|
||||||
|
# mailgw*.iai.co.il (pool of several servers, reported by Vito Robar)
|
||||||
|
/^mailgw.*\.iai\.co\.il$/
|
||||||
|
# gw.stud-serv-mb.si (no retry, reported by Vito Robar)
|
||||||
|
gw.stud-serv-mb.si
|
||||||
|
# mail.commandtech.com (no retry, reported by Vito Robar)
|
||||||
|
216.238.112.99
|
||||||
|
# duropack.co.at (no retry, reported by Vito Robar)
|
||||||
|
193.81.20.195
|
||||||
|
# mail.esimit-tech.si (no retry, reported by Vito Robar)
|
||||||
|
193.77.126.208
|
||||||
|
# mail.resotel.be (ocasionally no retry, reported by Vito Robar)
|
||||||
|
80.200.249.216
|
||||||
|
# mail2.alliancefr.be (ocasionally no retry, reported by Vito Robar)
|
||||||
|
mail2.alliancefr.be
|
||||||
|
# webserver.turboinstitut.si (no retry, reported by Vito Robar)
|
||||||
|
webserver.turboinstitut.si
|
||||||
|
# mil.be (pool of different servers, reported by Vito Robar)
|
||||||
|
193.191.218.141
|
||||||
|
193.191.218.142
|
||||||
|
193.191.218.143
|
||||||
|
194.7.234.141
|
||||||
|
194.7.234.142
|
||||||
|
194.7.234.143
|
||||||
|
# mail*.usafisnews.org (no retry, reported by Vito Robar)
|
||||||
|
/^mail\d+\.usafisnews\.org$/
|
||||||
|
# odk.fdv.uni-lj.si (no retry, reported by Vito Robar)
|
||||||
|
/^odk.fdv.uni-lj.si$/
|
||||||
|
# rak-gentoo-1.nameserver.de (no retry, reported by Vito Robar)
|
||||||
|
rak-gentoo-1.nameserver.de
|
||||||
|
# dars.si (ocasionally no retry, reported by Vito Robar)
|
||||||
|
mx.dars.si
|
||||||
|
# cosis.si (no retry, reported by Vito Robar)
|
||||||
|
213.143.66.210
|
||||||
|
# mta?.siol.net (sometimes no or slow retry; they use intermail, reported by Vito Robar)
|
||||||
|
/^mta[12].siol.net$/
|
||||||
|
# pim-N-N.quickinspirationsmail.com (unique sender, reported by Vito Robar)
|
||||||
|
/^pim-\d+-\d+\.quickinspirationsmail\.com$/
|
||||||
|
# flymonarch (no retry, reported by Marko Djukic)
|
||||||
|
flymonarch.com
|
||||||
|
# wxs.nl (no retry, reported by Johannes Fehr)
|
||||||
|
/^p?smtp.*\.wxs\.nl$/
|
||||||
|
# ibm.com (big pool, reported by Casey Peel)
|
||||||
|
ibm.com
|
||||||
|
# messagelabs.com (big pool, reported by John Tobin)
|
||||||
|
/^mail\d+\.messagelabs\.com$/
|
||||||
|
# ptb.de (slow, reported by Joachim Schoenberg)
|
||||||
|
berlin.ptb.de
|
||||||
|
# registrarmail.net (unique sender names, reported by Simon Waters)
|
||||||
|
registrarmail.net
|
||||||
|
# google.com (big pool, reported by Matthias Dyer, Martin Toft)
|
||||||
|
google.com
|
||||||
|
# orange.fr (big pool, reported by Loïc Le Loarer)
|
||||||
|
/^smtp\d+\.orange\.fr$/
|
||||||
|
# citigroup.com (slow retry, reported by Michael Monnerie)
|
||||||
|
/^smtp\d+.citigroup.com$/
|
||||||
|
# cruisingclub.ch (no retry)
|
||||||
|
mail.ccs-cruising.ch
|
||||||
|
# digg.com (no retry, Debian #406774)
|
||||||
|
diggstage01.digg.com
|
||||||
|
# liberal.ca (retries only during 270 seconds, Debian #406774)
|
||||||
|
smtp.liberal.ca
|
||||||
|
# pi.ws (pool + long retry, Debian #409851)
|
||||||
|
/^mail[12]\.pi\.ws$/
|
||||||
|
# rambler.ru (big pool, reported by Michael Monnerie)
|
||||||
|
rambler.ru
|
||||||
|
# free.fr (big pool, reported by Denis Sacchet)
|
||||||
|
/^smtp[0-9]+-g[0-9]+\.free\.fr$/
|
||||||
|
/^postfix[0-9]+-g[0-9]+\.free\.fr$/
|
||||||
|
# thehartford.com (pool + long retry, reported by Jacob Leifman)
|
||||||
|
/^netmail\d+\.thehartford\.com$/
|
||||||
|
# abb.com (only one retry, reported by Roman Plessl)
|
||||||
|
/^nse\d+\.abb\.com$/
|
||||||
|
# 2007-07-27: sourceforge.net (sender verification)
|
||||||
|
lists.sourceforge.net
|
||||||
|
# 2007-08-06: polytec.de (no retry, reported by Patrick McLean)
|
||||||
|
polytec.de
|
||||||
|
# 2007-09-06: qualiflow.com (no retry, reported by Alex Beckert)
|
||||||
|
/^mail\d+\.msg\.oleane\.net$/
|
||||||
|
# 2007-09-07: nrl.navy.mil (no retry, reported by Axel Beckert)
|
||||||
|
nrl.navy.mil
|
||||||
|
# 2007-10-18: aliplast.com (long retry, reported by Johannes Feigl)
|
||||||
|
mail.aliplast.com
|
||||||
|
# 2007-10-18: inode.at (long retry, reported by Johannes Feigl)
|
||||||
|
/^mx\d+\..*\.inode\.at$/
|
||||||
|
# 2008-02-01: bol.com (no retry, reported by Frank Breedijk)
|
||||||
|
/^.*?.server.arvato-systems.de$/
|
||||||
|
# 2008-06-05: registeredsite.com (no retry, reported by Fred Kilbourn)
|
||||||
|
/^(?:mail|fallback-mx)\d+.atl.registeredsite.com$/
|
||||||
|
# 2008-07-17: mahidol.ac.th (no retry, reported by Alex Beckert)
|
||||||
|
saturn.mahidol.ac.th
|
||||||
|
# 2008-07-18: ebay.com (big pool, reported by Peter Samuelson)
|
||||||
|
ebay.com
|
||||||
|
# 2008-07-22: yahoo.com (big pool, reported by Juan Alonso)
|
||||||
|
yahoo.com
|
||||||
|
# 2008-11-07: facebook (no retry, reported by Tim Freeman)
|
||||||
|
/^outmail\d+\.sctm\.tfbnw\.net$/
|
||||||
|
# 2009-02-10: server14.cyon.ch (long retry, reported by Alex Beckert)
|
||||||
|
server14.cyon.ch
|
||||||
|
# 2009-08-19: 126.com (big pool)
|
||||||
|
/^m\d+-\d+\.126\.com$/
|
||||||
|
# 2010-01-08: tifr.res.in (no retry, reported by Alex Beckert)
|
||||||
|
home.theory.tifr.res.in
|
||||||
|
# 2010-01-08: 1blu.de (long retry, reported by Alex Beckert)
|
||||||
|
ms4-1.1blu.de
|
||||||
|
# 2010-03-17: chello.at (big pool, reported by Jan-willem van Eys)
|
||||||
|
/^viefep\d+-int\.chello\.at$/
|
||||||
|
# 2010-05-31: nic.nu (long retry, reported by Ivan Sie)
|
||||||
|
mx.nic.nu
|
||||||
|
# 2010-06-10: Microsoft servers (long/no retry, reported by Roy McMorran)
|
||||||
|
bigfish.com
|
||||||
|
frontbridge.com
|
||||||
|
microsoft.com
|
||||||
|
# 2010-06-18: Google/Postini (big pool, reported by Warren Trakman)
|
||||||
|
postini.com
|
||||||
|
# 2011-02-04: evanzo-server.de (no retry, reported by Andre Hoepner)
|
||||||
|
/^mx.*\.evanzo-server\.de$/
|
||||||
|
# 2011-05-02: upcmail.net (big pool, reported by Michael Monnerie)
|
||||||
|
upcmail.net
|
1
postfix/postgrey_whitelist_clients.local
Normal file
1
postfix/postgrey_whitelist_clients.local
Normal file
|
@ -0,0 +1 @@
|
||||||
|
# Clients that should not be greylisted. See postgrey(8).
|
7
postfix/postgrey_whitelist_recipients
Normal file
7
postfix/postgrey_whitelist_recipients
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
# postgrey whitelist for mail recipients
|
||||||
|
# --------------------------------------
|
||||||
|
# put this file in /etc/postfix or specify its path
|
||||||
|
# with --whitelist-recipients=xxx
|
||||||
|
|
||||||
|
postmaster@
|
||||||
|
abuse@
|
171
postfix/relocated
Normal file
171
postfix/relocated
Normal file
|
@ -0,0 +1,171 @@
|
||||||
|
# RELOCATED(5) RELOCATED(5)
|
||||||
|
#
|
||||||
|
# NAME
|
||||||
|
# relocated - Postfix relocated table format
|
||||||
|
#
|
||||||
|
# SYNOPSIS
|
||||||
|
# postmap /etc/postfix/relocated
|
||||||
|
#
|
||||||
|
# DESCRIPTION
|
||||||
|
# The optional relocated(5) table provides the information
|
||||||
|
# that is used in "user has moved to new_location" bounce
|
||||||
|
# messages.
|
||||||
|
#
|
||||||
|
# Normally, the relocated(5) table is specified as a text
|
||||||
|
# file that serves as input to the postmap(1) command. The
|
||||||
|
# result, an indexed file in dbm or db format, is used for
|
||||||
|
# fast searching by the mail system. Execute the command
|
||||||
|
# "postmap /etc/postfix/relocated" to rebuild an indexed
|
||||||
|
# file after changing the corresponding relocated table.
|
||||||
|
#
|
||||||
|
# When the table is provided via other means such as NIS,
|
||||||
|
# LDAP or SQL, the same lookups are done as for ordinary
|
||||||
|
# indexed files.
|
||||||
|
#
|
||||||
|
# Alternatively, the table can be provided as a regular-
|
||||||
|
# expression map where patterns are given as regular expres-
|
||||||
|
# sions, or lookups can be directed to TCP-based server. In
|
||||||
|
# those case, the lookups are done in a slightly different
|
||||||
|
# way as described below under "REGULAR EXPRESSION TABLES"
|
||||||
|
# or "TCP-BASED TABLES".
|
||||||
|
#
|
||||||
|
# Table lookups are case insensitive.
|
||||||
|
#
|
||||||
|
# CASE FOLDING
|
||||||
|
# The search string is folded to lowercase before database
|
||||||
|
# lookup. As of Postfix 2.3, the search string is not case
|
||||||
|
# folded with database types such as regexp: or pcre: whose
|
||||||
|
# lookup fields can match both upper and lower case.
|
||||||
|
#
|
||||||
|
# TABLE FORMAT
|
||||||
|
# The input format for the postmap(1) command is as follows:
|
||||||
|
#
|
||||||
|
# o An entry has one of the following form:
|
||||||
|
#
|
||||||
|
# pattern new_location
|
||||||
|
#
|
||||||
|
# Where new_location specifies contact information
|
||||||
|
# such as an email address, or perhaps a street
|
||||||
|
# address or telephone number.
|
||||||
|
#
|
||||||
|
# o Empty lines and whitespace-only lines are ignored,
|
||||||
|
# as are lines whose first non-whitespace character
|
||||||
|
# is a `#'.
|
||||||
|
#
|
||||||
|
# o A logical line starts with non-whitespace text. A
|
||||||
|
# line that starts with whitespace continues a logi-
|
||||||
|
# cal line.
|
||||||
|
#
|
||||||
|
# TABLE SEARCH ORDER
|
||||||
|
# With lookups from indexed files such as DB or DBM, or from
|
||||||
|
# networked tables such as NIS, LDAP or SQL, patterns are
|
||||||
|
# tried in the order as listed below:
|
||||||
|
#
|
||||||
|
# user@domain
|
||||||
|
# Matches user@domain. This form has precedence over
|
||||||
|
# all other forms.
|
||||||
|
#
|
||||||
|
# user Matches user@site when site is $myorigin, when site
|
||||||
|
# is listed in $mydestination, or when site is listed
|
||||||
|
# in $inet_interfaces or $proxy_interfaces.
|
||||||
|
#
|
||||||
|
# @domain
|
||||||
|
# Matches other addresses in domain. This form has
|
||||||
|
# the lowest precedence.
|
||||||
|
#
|
||||||
|
# ADDRESS EXTENSION
|
||||||
|
# When a mail address localpart contains the optional recip-
|
||||||
|
# ient delimiter (e.g., user+foo@domain), the lookup order
|
||||||
|
# becomes: user+foo@domain, user@domain, user+foo, user, and
|
||||||
|
# @domain.
|
||||||
|
#
|
||||||
|
# REGULAR EXPRESSION TABLES
|
||||||
|
# This section describes how the table lookups change when
|
||||||
|
# the table is given in the form of regular expressions or
|
||||||
|
# when lookups are directed to a TCP-based server. For a
|
||||||
|
# description of regular expression lookup table syntax, see
|
||||||
|
# regexp_table(5) or pcre_table(5). For a description of the
|
||||||
|
# TCP client/server table lookup protocol, see tcp_table(5).
|
||||||
|
# This feature is not available up to and including Postfix
|
||||||
|
# version 2.4.
|
||||||
|
#
|
||||||
|
# Each pattern is a regular expression that is applied to
|
||||||
|
# the entire address being looked up. Thus, user@domain mail
|
||||||
|
# addresses are not broken up into their user and @domain
|
||||||
|
# constituent parts, nor is user+foo broken up into user and
|
||||||
|
# foo.
|
||||||
|
#
|
||||||
|
# Patterns are applied in the order as specified in the ta-
|
||||||
|
# ble, until a pattern is found that matches the search
|
||||||
|
# string.
|
||||||
|
#
|
||||||
|
# Results are the same as with indexed file lookups, with
|
||||||
|
# the additional feature that parenthesized substrings from
|
||||||
|
# the pattern can be interpolated as $1, $2 and so on.
|
||||||
|
#
|
||||||
|
# TCP-BASED TABLES
|
||||||
|
# This section describes how the table lookups change when
|
||||||
|
# lookups are directed to a TCP-based server. For a descrip-
|
||||||
|
# tion of the TCP client/server lookup protocol, see tcp_ta-
|
||||||
|
# ble(5). This feature is not available up to and including
|
||||||
|
# Postfix version 2.4.
|
||||||
|
#
|
||||||
|
# Each lookup operation uses the entire address once. Thus,
|
||||||
|
# user@domain mail addresses are not broken up into their
|
||||||
|
# user and @domain constituent parts, nor is user+foo broken
|
||||||
|
# up into user and foo.
|
||||||
|
#
|
||||||
|
# Results are the same as with indexed file lookups.
|
||||||
|
#
|
||||||
|
# BUGS
|
||||||
|
# The table format does not understand quoting conventions.
|
||||||
|
#
|
||||||
|
# CONFIGURATION PARAMETERS
|
||||||
|
# The following main.cf parameters are especially relevant.
|
||||||
|
# The text below provides only a parameter summary. See
|
||||||
|
# postconf(5) for more details including examples.
|
||||||
|
#
|
||||||
|
# relocated_maps
|
||||||
|
# List of lookup tables for relocated users or sites.
|
||||||
|
#
|
||||||
|
# Other parameters of interest:
|
||||||
|
#
|
||||||
|
# inet_interfaces
|
||||||
|
# The network interface addresses that this system
|
||||||
|
# receives mail on. You need to stop and start Post-
|
||||||
|
# fix when this parameter changes.
|
||||||
|
#
|
||||||
|
# mydestination
|
||||||
|
# List of domains that this mail system considers
|
||||||
|
# local.
|
||||||
|
#
|
||||||
|
# myorigin
|
||||||
|
# The domain that is appended to locally-posted mail.
|
||||||
|
#
|
||||||
|
# proxy_interfaces
|
||||||
|
# Other interfaces that this machine receives mail on
|
||||||
|
# by way of a proxy agent or network address transla-
|
||||||
|
# tor.
|
||||||
|
#
|
||||||
|
# SEE ALSO
|
||||||
|
# trivial-rewrite(8), address resolver
|
||||||
|
# postmap(1), Postfix lookup table manager
|
||||||
|
# postconf(5), configuration parameters
|
||||||
|
#
|
||||||
|
# README FILES
|
||||||
|
# Use "postconf readme_directory" or "postconf html_direc-
|
||||||
|
# tory" to locate this information.
|
||||||
|
# DATABASE_README, Postfix lookup table overview
|
||||||
|
# ADDRESS_REWRITING_README, address rewriting guide
|
||||||
|
#
|
||||||
|
# LICENSE
|
||||||
|
# The Secure Mailer license must be distributed with this
|
||||||
|
# software.
|
||||||
|
#
|
||||||
|
# AUTHOR(S)
|
||||||
|
# Wietse Venema
|
||||||
|
# IBM T.J. Watson Research
|
||||||
|
# P.O. Box 704
|
||||||
|
# Yorktown Heights, NY 10598, USA
|
||||||
|
#
|
||||||
|
# RELOCATED(5)
|
0
postfix/sasl_passwd
Normal file
0
postfix/sasl_passwd
Normal file
BIN
postfix/sasl_passwd.db
Normal file
BIN
postfix/sasl_passwd.db
Normal file
Binary file not shown.
6
postfix/sql/mysql_relay_domains_maps.cf
Normal file
6
postfix/sql/mysql_relay_domains_maps.cf
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
user = vmailadmin
|
||||||
|
password = STRONGPASSWORD
|
||||||
|
hosts = 127.0.0.1
|
||||||
|
dbname = vmailadmin
|
||||||
|
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '1'
|
||||||
|
#query = SELECT domain FROM domain WHERE domain='%s' and transport = 'relay' and active = 1 AND NOT exists (select * from alias_domain where alias_domain = '%s' AND alias_domain.active = '1')
|
BIN
postfix/sql/mysql_relay_domains_maps.cf.db
Normal file
BIN
postfix/sql/mysql_relay_domains_maps.cf.db
Normal file
Binary file not shown.
5
postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
Normal file
5
postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
user = vmailadmin
|
||||||
|
password = STRONGPASSWORD
|
||||||
|
hosts = localhost
|
||||||
|
dbname = vmailadmin
|
||||||
|
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
|
BIN
postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf.db
Normal file
BIN
postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf.db
Normal file
Binary file not shown.
5
postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
Normal file
5
postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
user = vmailadmin
|
||||||
|
password = STRONGPASSWORD
|
||||||
|
hosts = localhost
|
||||||
|
dbname = vmailadmin
|
||||||
|
query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'
|
BIN
postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf.db
Normal file
BIN
postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf.db
Normal file
Binary file not shown.
5
postfix/sql/mysql_virtual_alias_domain_maps.cf
Normal file
5
postfix/sql/mysql_virtual_alias_domain_maps.cf
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
user = vmailadmin
|
||||||
|
password = STRONGPASSWORD
|
||||||
|
hosts = localhost
|
||||||
|
dbname = vmailadmin
|
||||||
|
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
|
BIN
postfix/sql/mysql_virtual_alias_domain_maps.cf.db
Normal file
BIN
postfix/sql/mysql_virtual_alias_domain_maps.cf.db
Normal file
Binary file not shown.
6
postfix/sql/mysql_virtual_alias_maps.cf
Normal file
6
postfix/sql/mysql_virtual_alias_maps.cf
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
user = vmailadmin
|
||||||
|
password = STRONGPASSWORD
|
||||||
|
hosts = localhost
|
||||||
|
dbname = vmailadmin
|
||||||
|
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'
|
||||||
|
#expansion_limit = 100
|
BIN
postfix/sql/mysql_virtual_alias_maps.cf.db
Normal file
BIN
postfix/sql/mysql_virtual_alias_maps.cf.db
Normal file
Binary file not shown.
9
postfix/sql/mysql_virtual_domain_maps.cf
Normal file
9
postfix/sql/mysql_virtual_domain_maps.cf
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
user = vmailadmin
|
||||||
|
password = STRONGPASSWORD
|
||||||
|
hosts = localhost
|
||||||
|
dbname = vmailadmin
|
||||||
|
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'
|
||||||
|
#query = SELECT domain FROM domain WHERE domain='%s'
|
||||||
|
#optional query to use when relaying for backup MX
|
||||||
|
#query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'
|
||||||
|
#expansion_limit = 100
|
BIN
postfix/sql/mysql_virtual_domain_maps.cf.db
Normal file
BIN
postfix/sql/mysql_virtual_domain_maps.cf.db
Normal file
Binary file not shown.
BIN
postfix/sql/mysql_virtual_domains_maps.cf.db
Normal file
BIN
postfix/sql/mysql_virtual_domains_maps.cf.db
Normal file
Binary file not shown.
5
postfix/sql/mysql_virtual_mailbox_limit_maps.cf
Normal file
5
postfix/sql/mysql_virtual_mailbox_limit_maps.cf
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
user = vmailadmin
|
||||||
|
password = STRONGPASSWORD
|
||||||
|
hosts = localhost
|
||||||
|
dbname = vmailadmin
|
||||||
|
query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'
|
BIN
postfix/sql/mysql_virtual_mailbox_limit_maps.cf.db
Normal file
BIN
postfix/sql/mysql_virtual_mailbox_limit_maps.cf.db
Normal file
Binary file not shown.
6
postfix/sql/mysql_virtual_mailbox_maps.cf
Normal file
6
postfix/sql/mysql_virtual_mailbox_maps.cf
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
user = vmailadmin
|
||||||
|
password = STRONGPASSWORD
|
||||||
|
hosts = localhost
|
||||||
|
dbname = vmailadmin
|
||||||
|
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
|
||||||
|
#expansion_limit = 100
|
BIN
postfix/sql/mysql_virtual_mailbox_maps.cf.db
Normal file
BIN
postfix/sql/mysql_virtual_mailbox_maps.cf.db
Normal file
Binary file not shown.
294
postfix/transport
Normal file
294
postfix/transport
Normal file
|
@ -0,0 +1,294 @@
|
||||||
|
# TRANSPORT(5) TRANSPORT(5)
|
||||||
|
#
|
||||||
|
# NAME
|
||||||
|
# transport - Postfix transport table format
|
||||||
|
#
|
||||||
|
# SYNOPSIS
|
||||||
|
# postmap /etc/postfix/transport
|
||||||
|
#
|
||||||
|
# postmap -q "string" /etc/postfix/transport
|
||||||
|
#
|
||||||
|
# postmap -q - /etc/postfix/transport <inputfile
|
||||||
|
#
|
||||||
|
# DESCRIPTION
|
||||||
|
# The optional transport(5) table specifies a mapping from
|
||||||
|
# email addresses to message delivery transports and next-
|
||||||
|
# hop destinations. Message delivery transports such as
|
||||||
|
# local or smtp are defined in the master.cf file, and next-
|
||||||
|
# hop destinations are typically hosts or domain names. The
|
||||||
|
# table is searched by the trivial-rewrite(8) daemon.
|
||||||
|
#
|
||||||
|
# This mapping overrides the default transport:nexthop
|
||||||
|
# selection that is built into Postfix:
|
||||||
|
#
|
||||||
|
# local_transport (default: local:$myhostname)
|
||||||
|
# This is the default for final delivery to domains
|
||||||
|
# listed with mydestination, and for [ipaddress] des-
|
||||||
|
# tinations that match $inet_interfaces or
|
||||||
|
# $proxy_interfaces. The default nexthop destination
|
||||||
|
# is the MTA hostname.
|
||||||
|
#
|
||||||
|
# virtual_transport (default: virtual:)
|
||||||
|
# This is the default for final delivery to domains
|
||||||
|
# listed with virtual_mailbox_domains. The default
|
||||||
|
# nexthop destination is the recipient domain.
|
||||||
|
#
|
||||||
|
# relay_transport (default: relay:)
|
||||||
|
# This is the default for remote delivery to domains
|
||||||
|
# listed with relay_domains. In order of decreasing
|
||||||
|
# precedence, the nexthop destination is taken from
|
||||||
|
# relay_transport, sender_dependent_relayhost_maps,
|
||||||
|
# relayhost, or from the recipient domain.
|
||||||
|
#
|
||||||
|
# default_transport (default: smtp:)
|
||||||
|
# This is the default for remote delivery to other
|
||||||
|
# destinations. In order of decreasing precedence,
|
||||||
|
# the nexthop destination is taken from sender_depen-
|
||||||
|
# dent_default_transport_maps, default_transport,
|
||||||
|
# sender_dependent_relayhost_maps, relayhost, or from
|
||||||
|
# the recipient domain.
|
||||||
|
#
|
||||||
|
# Normally, the transport(5) table is specified as a text
|
||||||
|
# file that serves as input to the postmap(1) command. The
|
||||||
|
# result, an indexed file in dbm or db format, is used for
|
||||||
|
# fast searching by the mail system. Execute the command
|
||||||
|
# "postmap /etc/postfix/transport" to rebuild an indexed
|
||||||
|
# file after changing the corresponding transport table.
|
||||||
|
#
|
||||||
|
# When the table is provided via other means such as NIS,
|
||||||
|
# LDAP or SQL, the same lookups are done as for ordinary
|
||||||
|
# indexed files.
|
||||||
|
#
|
||||||
|
# Alternatively, the table can be provided as a regular-
|
||||||
|
# expression map where patterns are given as regular expres-
|
||||||
|
# sions, or lookups can be directed to TCP-based server. In
|
||||||
|
# those case, the lookups are done in a slightly different
|
||||||
|
# way as described below under "REGULAR EXPRESSION TABLES"
|
||||||
|
# or "TCP-BASED TABLES".
|
||||||
|
#
|
||||||
|
# CASE FOLDING
|
||||||
|
# The search string is folded to lowercase before database
|
||||||
|
# lookup. As of Postfix 2.3, the search string is not case
|
||||||
|
# folded with database types such as regexp: or pcre: whose
|
||||||
|
# lookup fields can match both upper and lower case.
|
||||||
|
#
|
||||||
|
# TABLE FORMAT
|
||||||
|
# The input format for the postmap(1) command is as follows:
|
||||||
|
#
|
||||||
|
# pattern result
|
||||||
|
# When pattern matches the recipient address or
|
||||||
|
# domain, use the corresponding result.
|
||||||
|
#
|
||||||
|
# blank lines and comments
|
||||||
|
# Empty lines and whitespace-only lines are ignored,
|
||||||
|
# as are lines whose first non-whitespace character
|
||||||
|
# is a `#'.
|
||||||
|
#
|
||||||
|
# multi-line text
|
||||||
|
# A logical line starts with non-whitespace text. A
|
||||||
|
# line that starts with whitespace continues a logi-
|
||||||
|
# cal line.
|
||||||
|
#
|
||||||
|
# The pattern specifies an email address, a domain name, or
|
||||||
|
# a domain name hierarchy, as described in section "TABLE
|
||||||
|
# LOOKUP".
|
||||||
|
#
|
||||||
|
# The result is of the form transport:nexthop and specifies
|
||||||
|
# how or where to deliver mail. This is described in section
|
||||||
|
# "RESULT FORMAT".
|
||||||
|
#
|
||||||
|
# TABLE SEARCH ORDER
|
||||||
|
# With lookups from indexed files such as DB or DBM, or from
|
||||||
|
# networked tables such as NIS, LDAP or SQL, patterns are
|
||||||
|
# tried in the order as listed below:
|
||||||
|
#
|
||||||
|
# user+extension@domain transport:nexthop
|
||||||
|
# Deliver mail for user+extension@domain through
|
||||||
|
# transport to nexthop.
|
||||||
|
#
|
||||||
|
# user@domain transport:nexthop
|
||||||
|
# Deliver mail for user@domain through transport to
|
||||||
|
# nexthop.
|
||||||
|
#
|
||||||
|
# domain transport:nexthop
|
||||||
|
# Deliver mail for domain through transport to nex-
|
||||||
|
# thop.
|
||||||
|
#
|
||||||
|
# .domain transport:nexthop
|
||||||
|
# Deliver mail for any subdomain of domain through
|
||||||
|
# transport to nexthop. This applies only when the
|
||||||
|
# string transport_maps is not listed in the par-
|
||||||
|
# ent_domain_matches_subdomains configuration set-
|
||||||
|
# ting. Otherwise, a domain name matches itself and
|
||||||
|
# its subdomains.
|
||||||
|
#
|
||||||
|
# * transport:nexthop
|
||||||
|
# The special pattern * represents any address (i.e.
|
||||||
|
# it functions as the wild-card pattern, and is
|
||||||
|
# unique to Postfix transport tables).
|
||||||
|
#
|
||||||
|
# Note 1: the null recipient address is looked up as
|
||||||
|
# $empty_address_recipient@$myhostname (default: mailer-dae-
|
||||||
|
# mon@hostname).
|
||||||
|
#
|
||||||
|
# Note 2: user@domain or user+extension@domain lookup is
|
||||||
|
# available in Postfix 2.0 and later.
|
||||||
|
#
|
||||||
|
# RESULT FORMAT
|
||||||
|
# The lookup result is of the form transport:nexthop. The
|
||||||
|
# transport field specifies a mail delivery transport such
|
||||||
|
# as smtp or local. The nexthop field specifies where and
|
||||||
|
# how to deliver mail.
|
||||||
|
#
|
||||||
|
# The transport field specifies the name of a mail delivery
|
||||||
|
# transport (the first name of a mail delivery service entry
|
||||||
|
# in the Postfix master.cf file).
|
||||||
|
#
|
||||||
|
# The interpretation of the nexthop field is transport
|
||||||
|
# dependent. In the case of SMTP, specify a service on a
|
||||||
|
# non-default port as host:service, and disable MX (mail
|
||||||
|
# exchanger) DNS lookups with [host] or [host]:port. The []
|
||||||
|
# form is required when you specify an IP address instead of
|
||||||
|
# a hostname.
|
||||||
|
#
|
||||||
|
# A null transport and null nexthop result means "do not
|
||||||
|
# change": use the delivery transport and nexthop informa-
|
||||||
|
# tion that would be used when the entire transport table
|
||||||
|
# did not exist.
|
||||||
|
#
|
||||||
|
# A non-null transport field with a null nexthop field
|
||||||
|
# resets the nexthop information to the recipient domain.
|
||||||
|
#
|
||||||
|
# A null transport field with non-null nexthop field does
|
||||||
|
# not modify the transport information.
|
||||||
|
#
|
||||||
|
# EXAMPLES
|
||||||
|
# In order to deliver internal mail directly, while using a
|
||||||
|
# mail relay for all other mail, specify a null entry for
|
||||||
|
# internal destinations (do not change the delivery trans-
|
||||||
|
# port or the nexthop information) and specify a wildcard
|
||||||
|
# for all other destinations.
|
||||||
|
#
|
||||||
|
# my.domain :
|
||||||
|
# .my.domain :
|
||||||
|
# * smtp:outbound-relay.my.domain
|
||||||
|
#
|
||||||
|
# In order to send mail for example.com and its subdomains
|
||||||
|
# via the uucp transport to the UUCP host named example:
|
||||||
|
#
|
||||||
|
# example.com uucp:example
|
||||||
|
# .example.com uucp:example
|
||||||
|
#
|
||||||
|
# When no nexthop host name is specified, the destination
|
||||||
|
# domain name is used instead. For example, the following
|
||||||
|
# directs mail for user@example.com via the slow transport
|
||||||
|
# to a mail exchanger for example.com. The slow transport
|
||||||
|
# could be configured to run at most one delivery process at
|
||||||
|
# a time:
|
||||||
|
#
|
||||||
|
# example.com slow:
|
||||||
|
#
|
||||||
|
# When no transport is specified, Postfix uses the transport
|
||||||
|
# that matches the address domain class (see DESCRIPTION
|
||||||
|
# above). The following sends all mail for example.com and
|
||||||
|
# its subdomains to host gateway.example.com:
|
||||||
|
#
|
||||||
|
# example.com :[gateway.example.com]
|
||||||
|
# .example.com :[gateway.example.com]
|
||||||
|
#
|
||||||
|
# In the above example, the [] suppress MX lookups. This
|
||||||
|
# prevents mail routing loops when your machine is primary
|
||||||
|
# MX host for example.com.
|
||||||
|
#
|
||||||
|
# In the case of delivery via SMTP, one may specify host-
|
||||||
|
# name:service instead of just a host:
|
||||||
|
#
|
||||||
|
# example.com smtp:bar.example:2025
|
||||||
|
#
|
||||||
|
# This directs mail for user@example.com to host bar.example
|
||||||
|
# port 2025. Instead of a numerical port a symbolic name may
|
||||||
|
# be used. Specify [] around the hostname if MX lookups must
|
||||||
|
# be disabled.
|
||||||
|
#
|
||||||
|
# The error mailer can be used to bounce mail:
|
||||||
|
#
|
||||||
|
# .example.com error:mail for *.example.com is not deliverable
|
||||||
|
#
|
||||||
|
# This causes all mail for user@anything.example.com to be
|
||||||
|
# bounced.
|
||||||
|
#
|
||||||
|
# REGULAR EXPRESSION TABLES
|
||||||
|
# This section describes how the table lookups change when
|
||||||
|
# the table is given in the form of regular expressions. For
|
||||||
|
# a description of regular expression lookup table syntax,
|
||||||
|
# see regexp_table(5) or pcre_table(5).
|
||||||
|
#
|
||||||
|
# Each pattern is a regular expression that is applied to
|
||||||
|
# the entire address being looked up. Thus,
|
||||||
|
# some.domain.hierarchy is not looked up via its parent
|
||||||
|
# domains, nor is user+foo@domain looked up as user@domain.
|
||||||
|
#
|
||||||
|
# Patterns are applied in the order as specified in the ta-
|
||||||
|
# ble, until a pattern is found that matches the search
|
||||||
|
# string.
|
||||||
|
#
|
||||||
|
# The trivial-rewrite(8) server disallows regular expression
|
||||||
|
# substitution of $1 etc. in regular expression lookup
|
||||||
|
# tables, because that could open a security hole (Postfix
|
||||||
|
# version 2.3 and later).
|
||||||
|
#
|
||||||
|
# TCP-BASED TABLES
|
||||||
|
# This section describes how the table lookups change when
|
||||||
|
# lookups are directed to a TCP-based server. For a descrip-
|
||||||
|
# tion of the TCP client/server lookup protocol, see tcp_ta-
|
||||||
|
# ble(5). This feature is not available up to and including
|
||||||
|
# Postfix version 2.4.
|
||||||
|
#
|
||||||
|
# Each lookup operation uses the entire recipient address
|
||||||
|
# once. Thus, some.domain.hierarchy is not looked up via
|
||||||
|
# its parent domains, nor is user+foo@domain looked up as
|
||||||
|
# user@domain.
|
||||||
|
#
|
||||||
|
# Results are the same as with indexed file lookups.
|
||||||
|
#
|
||||||
|
# CONFIGURATION PARAMETERS
|
||||||
|
# The following main.cf parameters are especially relevant.
|
||||||
|
# The text below provides only a parameter summary. See
|
||||||
|
# postconf(5) for more details including examples.
|
||||||
|
#
|
||||||
|
# empty_address_recipient
|
||||||
|
# The address that is looked up instead of the null
|
||||||
|
# sender address.
|
||||||
|
#
|
||||||
|
# parent_domain_matches_subdomains
|
||||||
|
# List of Postfix features that use domain.tld pat-
|
||||||
|
# terns to match sub.domain.tld (as opposed to
|
||||||
|
# requiring .domain.tld patterns).
|
||||||
|
#
|
||||||
|
# transport_maps
|
||||||
|
# List of transport lookup tables.
|
||||||
|
#
|
||||||
|
# SEE ALSO
|
||||||
|
# trivial-rewrite(8), rewrite and resolve addresses
|
||||||
|
# master(5), master.cf file format
|
||||||
|
# postconf(5), configuration parameters
|
||||||
|
# postmap(1), Postfix lookup table manager
|
||||||
|
#
|
||||||
|
# README FILES
|
||||||
|
# Use "postconf readme_directory" or "postconf html_direc-
|
||||||
|
# tory" to locate this information.
|
||||||
|
# ADDRESS_REWRITING_README, address rewriting guide
|
||||||
|
# DATABASE_README, Postfix lookup table overview
|
||||||
|
# FILTER_README, external content filter
|
||||||
|
#
|
||||||
|
# LICENSE
|
||||||
|
# The Secure Mailer license must be distributed with this
|
||||||
|
# software.
|
||||||
|
#
|
||||||
|
# AUTHOR(S)
|
||||||
|
# Wietse Venema
|
||||||
|
# IBM T.J. Watson Research
|
||||||
|
# P.O. Box 704
|
||||||
|
# Yorktown Heights, NY 10598, USA
|
||||||
|
#
|
||||||
|
# TRANSPORT(5)
|
299
postfix/virtual
Normal file
299
postfix/virtual
Normal file
|
@ -0,0 +1,299 @@
|
||||||
|
# VIRTUAL(5) VIRTUAL(5)
|
||||||
|
#
|
||||||
|
# NAME
|
||||||
|
# virtual - Postfix virtual alias table format
|
||||||
|
#
|
||||||
|
# SYNOPSIS
|
||||||
|
# postmap /etc/postfix/virtual
|
||||||
|
#
|
||||||
|
# postmap -q "string" /etc/postfix/virtual
|
||||||
|
#
|
||||||
|
# postmap -q - /etc/postfix/virtual <inputfile
|
||||||
|
#
|
||||||
|
# DESCRIPTION
|
||||||
|
# The optional virtual(5) alias table rewrites recipient
|
||||||
|
# addresses for all local, all virtual, and all remote mail
|
||||||
|
# destinations. This is unlike the aliases(5) table which
|
||||||
|
# is used only for local(8) delivery. Virtual aliasing is
|
||||||
|
# recursive, and is implemented by the Postfix cleanup(8)
|
||||||
|
# daemon before mail is queued.
|
||||||
|
#
|
||||||
|
# The main applications of virtual aliasing are:
|
||||||
|
#
|
||||||
|
# o To redirect mail for one address to one or more
|
||||||
|
# addresses.
|
||||||
|
#
|
||||||
|
# o To implement virtual alias domains where all
|
||||||
|
# addresses are aliased to addresses in other
|
||||||
|
# domains.
|
||||||
|
#
|
||||||
|
# Virtual alias domains are not to be confused with
|
||||||
|
# the virtual mailbox domains that are implemented
|
||||||
|
# with the Postfix virtual(8) mail delivery agent.
|
||||||
|
# With virtual mailbox domains, each recipient
|
||||||
|
# address can have its own mailbox.
|
||||||
|
#
|
||||||
|
# Virtual aliasing is applied only to recipient envelope
|
||||||
|
# addresses, and does not affect message headers. Use
|
||||||
|
# canonical(5) mapping to rewrite header and envelope
|
||||||
|
# addresses in general.
|
||||||
|
#
|
||||||
|
# Normally, the virtual(5) alias table is specified as a
|
||||||
|
# text file that serves as input to the postmap(1) command.
|
||||||
|
# The result, an indexed file in dbm or db format, is used
|
||||||
|
# for fast searching by the mail system. Execute the command
|
||||||
|
# "postmap /etc/postfix/virtual" to rebuild an indexed file
|
||||||
|
# after changing the corresponding text file.
|
||||||
|
#
|
||||||
|
# When the table is provided via other means such as NIS,
|
||||||
|
# LDAP or SQL, the same lookups are done as for ordinary
|
||||||
|
# indexed files.
|
||||||
|
#
|
||||||
|
# Alternatively, the table can be provided as a regular-
|
||||||
|
# expression map where patterns are given as regular expres-
|
||||||
|
# sions, or lookups can be directed to TCP-based server. In
|
||||||
|
# those case, the lookups are done in a slightly different
|
||||||
|
# way as described below under "REGULAR EXPRESSION TABLES"
|
||||||
|
# or "TCP-BASED TABLES".
|
||||||
|
#
|
||||||
|
# CASE FOLDING
|
||||||
|
# The search string is folded to lowercase before database
|
||||||
|
# lookup. As of Postfix 2.3, the search string is not case
|
||||||
|
# folded with database types such as regexp: or pcre: whose
|
||||||
|
# lookup fields can match both upper and lower case.
|
||||||
|
#
|
||||||
|
# TABLE FORMAT
|
||||||
|
# The input format for the postmap(1) command is as follows:
|
||||||
|
#
|
||||||
|
# pattern result
|
||||||
|
# When pattern matches a mail address, replace it by
|
||||||
|
# the corresponding result.
|
||||||
|
#
|
||||||
|
# blank lines and comments
|
||||||
|
# Empty lines and whitespace-only lines are ignored,
|
||||||
|
# as are lines whose first non-whitespace character
|
||||||
|
# is a `#'.
|
||||||
|
#
|
||||||
|
# multi-line text
|
||||||
|
# A logical line starts with non-whitespace text. A
|
||||||
|
# line that starts with whitespace continues a logi-
|
||||||
|
# cal line.
|
||||||
|
#
|
||||||
|
# TABLE SEARCH ORDER
|
||||||
|
# With lookups from indexed files such as DB or DBM, or from
|
||||||
|
# networked tables such as NIS, LDAP or SQL, each
|
||||||
|
# user@domain query produces a sequence of query patterns as
|
||||||
|
# described below.
|
||||||
|
#
|
||||||
|
# Each query pattern is sent to each specified lookup table
|
||||||
|
# before trying the next query pattern, until a match is
|
||||||
|
# found.
|
||||||
|
#
|
||||||
|
# user@domain address, address, ...
|
||||||
|
# Redirect mail for user@domain to address. This
|
||||||
|
# form has the highest precedence.
|
||||||
|
#
|
||||||
|
# user address, address, ...
|
||||||
|
# Redirect mail for user@site to address when site is
|
||||||
|
# equal to $myorigin, when site is listed in $mydes-
|
||||||
|
# tination, or when it is listed in $inet_interfaces
|
||||||
|
# or $proxy_interfaces.
|
||||||
|
#
|
||||||
|
# This functionality overlaps with functionality of
|
||||||
|
# the local aliases(5) database. The difference is
|
||||||
|
# that virtual(5) mapping can be applied to non-local
|
||||||
|
# addresses.
|
||||||
|
#
|
||||||
|
# @domain address, address, ...
|
||||||
|
# Redirect mail for other users in domain to address.
|
||||||
|
# This form has the lowest precedence.
|
||||||
|
#
|
||||||
|
# Note: @domain is a wild-card. With this form, the
|
||||||
|
# Postfix SMTP server accepts mail for any recipient
|
||||||
|
# in domain, regardless of whether that recipient
|
||||||
|
# exists. This may turn your mail system into a
|
||||||
|
# backscatter source: Postfix first accepts mail for
|
||||||
|
# non-existent recipients and then tries to return
|
||||||
|
# that mail as "undeliverable" to the often forged
|
||||||
|
# sender address.
|
||||||
|
#
|
||||||
|
# RESULT ADDRESS REWRITING
|
||||||
|
# The lookup result is subject to address rewriting:
|
||||||
|
#
|
||||||
|
# o When the result has the form @otherdomain, the
|
||||||
|
# result becomes the same user in otherdomain. This
|
||||||
|
# works only for the first address in a multi-address
|
||||||
|
# lookup result.
|
||||||
|
#
|
||||||
|
# o When "append_at_myorigin=yes", append "@$myorigin"
|
||||||
|
# to addresses without "@domain".
|
||||||
|
#
|
||||||
|
# o When "append_dot_mydomain=yes", append ".$mydomain"
|
||||||
|
# to addresses without ".domain".
|
||||||
|
#
|
||||||
|
# ADDRESS EXTENSION
|
||||||
|
# When a mail address localpart contains the optional recip-
|
||||||
|
# ient delimiter (e.g., user+foo@domain), the lookup order
|
||||||
|
# becomes: user+foo@domain, user@domain, user+foo, user, and
|
||||||
|
# @domain.
|
||||||
|
#
|
||||||
|
# The propagate_unmatched_extensions parameter controls
|
||||||
|
# whether an unmatched address extension (+foo) is propa-
|
||||||
|
# gated to the result of table lookup.
|
||||||
|
#
|
||||||
|
# VIRTUAL ALIAS DOMAINS
|
||||||
|
# Besides virtual aliases, the virtual alias table can also
|
||||||
|
# be used to implement virtual alias domains. With a virtual
|
||||||
|
# alias domain, all recipient addresses are aliased to
|
||||||
|
# addresses in other domains.
|
||||||
|
#
|
||||||
|
# Virtual alias domains are not to be confused with the vir-
|
||||||
|
# tual mailbox domains that are implemented with the Postfix
|
||||||
|
# virtual(8) mail delivery agent. With virtual mailbox
|
||||||
|
# domains, each recipient address can have its own mailbox.
|
||||||
|
#
|
||||||
|
# With a virtual alias domain, the virtual domain has its
|
||||||
|
# own user name space. Local (i.e. non-virtual) usernames
|
||||||
|
# are not visible in a virtual alias domain. In particular,
|
||||||
|
# local aliases(5) and local mailing lists are not visible
|
||||||
|
# as localname@virtual-alias.domain.
|
||||||
|
#
|
||||||
|
# Support for a virtual alias domain looks like:
|
||||||
|
#
|
||||||
|
# /etc/postfix/main.cf:
|
||||||
|
# virtual_alias_maps = hash:/etc/postfix/virtual
|
||||||
|
#
|
||||||
|
# Note: some systems use dbm databases instead of hash. See
|
||||||
|
# the output from "postconf -m" for available database
|
||||||
|
# types.
|
||||||
|
#
|
||||||
|
# /etc/postfix/virtual:
|
||||||
|
# virtual-alias.domain anything (right-hand content does not matter)
|
||||||
|
# postmaster@virtual-alias.domain postmaster
|
||||||
|
# user1@virtual-alias.domain address1
|
||||||
|
# user2@virtual-alias.domain address2, address3
|
||||||
|
#
|
||||||
|
# The virtual-alias.domain anything entry is required for a
|
||||||
|
# virtual alias domain. Without this entry, mail is rejected
|
||||||
|
# with "relay access denied", or bounces with "mail loops
|
||||||
|
# back to myself".
|
||||||
|
#
|
||||||
|
# Do not specify virtual alias domain names in the main.cf
|
||||||
|
# mydestination or relay_domains configuration parameters.
|
||||||
|
#
|
||||||
|
# With a virtual alias domain, the Postfix SMTP server
|
||||||
|
# accepts mail for known-user@virtual-alias.domain, and
|
||||||
|
# rejects mail for unknown-user@virtual-alias.domain as
|
||||||
|
# undeliverable.
|
||||||
|
#
|
||||||
|
# Instead of specifying the virtual alias domain name via
|
||||||
|
# the virtual_alias_maps table, you may also specify it via
|
||||||
|
# the main.cf virtual_alias_domains configuration parameter.
|
||||||
|
# This latter parameter uses the same syntax as the main.cf
|
||||||
|
# mydestination configuration parameter.
|
||||||
|
#
|
||||||
|
# REGULAR EXPRESSION TABLES
|
||||||
|
# This section describes how the table lookups change when
|
||||||
|
# the table is given in the form of regular expressions. For
|
||||||
|
# a description of regular expression lookup table syntax,
|
||||||
|
# see regexp_table(5) or pcre_table(5).
|
||||||
|
#
|
||||||
|
# Each pattern is a regular expression that is applied to
|
||||||
|
# the entire address being looked up. Thus, user@domain mail
|
||||||
|
# addresses are not broken up into their user and @domain
|
||||||
|
# constituent parts, nor is user+foo broken up into user and
|
||||||
|
# foo.
|
||||||
|
#
|
||||||
|
# Patterns are applied in the order as specified in the ta-
|
||||||
|
# ble, until a pattern is found that matches the search
|
||||||
|
# string.
|
||||||
|
#
|
||||||
|
# Results are the same as with indexed file lookups, with
|
||||||
|
# the additional feature that parenthesized substrings from
|
||||||
|
# the pattern can be interpolated as $1, $2 and so on.
|
||||||
|
#
|
||||||
|
# TCP-BASED TABLES
|
||||||
|
# This section describes how the table lookups change when
|
||||||
|
# lookups are directed to a TCP-based server. For a descrip-
|
||||||
|
# tion of the TCP client/server lookup protocol, see tcp_ta-
|
||||||
|
# ble(5). This feature is not available up to and including
|
||||||
|
# Postfix version 2.4.
|
||||||
|
#
|
||||||
|
# Each lookup operation uses the entire address once. Thus,
|
||||||
|
# user@domain mail addresses are not broken up into their
|
||||||
|
# user and @domain constituent parts, nor is user+foo broken
|
||||||
|
# up into user and foo.
|
||||||
|
#
|
||||||
|
# Results are the same as with indexed file lookups.
|
||||||
|
#
|
||||||
|
# BUGS
|
||||||
|
# The table format does not understand quoting conventions.
|
||||||
|
#
|
||||||
|
# CONFIGURATION PARAMETERS
|
||||||
|
# The following main.cf parameters are especially relevant
|
||||||
|
# to this topic. See the Postfix main.cf file for syntax
|
||||||
|
# details and for default values. Use the "postfix reload"
|
||||||
|
# command after a configuration change.
|
||||||
|
#
|
||||||
|
# virtual_alias_maps
|
||||||
|
# List of virtual aliasing tables.
|
||||||
|
#
|
||||||
|
# virtual_alias_domains
|
||||||
|
# List of virtual alias domains. This uses the same
|
||||||
|
# syntax as the mydestination parameter.
|
||||||
|
#
|
||||||
|
# propagate_unmatched_extensions
|
||||||
|
# A list of address rewriting or forwarding mecha-
|
||||||
|
# nisms that propagate an address extension from the
|
||||||
|
# original address to the result. Specify zero or
|
||||||
|
# more of canonical, virtual, alias, forward,
|
||||||
|
# include, or generic.
|
||||||
|
#
|
||||||
|
# Other parameters of interest:
|
||||||
|
#
|
||||||
|
# inet_interfaces
|
||||||
|
# The network interface addresses that this system
|
||||||
|
# receives mail on. You need to stop and start Post-
|
||||||
|
# fix when this parameter changes.
|
||||||
|
#
|
||||||
|
# mydestination
|
||||||
|
# List of domains that this mail system considers
|
||||||
|
# local.
|
||||||
|
#
|
||||||
|
# myorigin
|
||||||
|
# The domain that is appended to any address that
|
||||||
|
# does not have a domain.
|
||||||
|
#
|
||||||
|
# owner_request_special
|
||||||
|
# Give special treatment to owner-xxx and xxx-request
|
||||||
|
# addresses.
|
||||||
|
#
|
||||||
|
# proxy_interfaces
|
||||||
|
# Other interfaces that this machine receives mail on
|
||||||
|
# by way of a proxy agent or network address transla-
|
||||||
|
# tor.
|
||||||
|
#
|
||||||
|
# SEE ALSO
|
||||||
|
# cleanup(8), canonicalize and enqueue mail
|
||||||
|
# postmap(1), Postfix lookup table manager
|
||||||
|
# postconf(5), configuration parameters
|
||||||
|
# canonical(5), canonical address mapping
|
||||||
|
#
|
||||||
|
# README FILES
|
||||||
|
# Use "postconf readme_directory" or "postconf html_direc-
|
||||||
|
# tory" to locate this information.
|
||||||
|
# ADDRESS_REWRITING_README, address rewriting guide
|
||||||
|
# DATABASE_README, Postfix lookup table overview
|
||||||
|
# VIRTUAL_README, domain hosting guide
|
||||||
|
#
|
||||||
|
# LICENSE
|
||||||
|
# The Secure Mailer license must be distributed with this
|
||||||
|
# software.
|
||||||
|
#
|
||||||
|
# AUTHOR(S)
|
||||||
|
# Wietse Venema
|
||||||
|
# IBM T.J. Watson Research
|
||||||
|
# P.O. Box 704
|
||||||
|
# Yorktown Heights, NY 10598, USA
|
||||||
|
#
|
||||||
|
# VIRTUAL(5)
|
34
postfixadmin/.github/workflows/php.yml
vendored
Normal file
34
postfixadmin/.github/workflows/php.yml
vendored
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
name: GitHubBuild
|
||||||
|
|
||||||
|
on: [push]
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build:
|
||||||
|
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v1
|
||||||
|
|
||||||
|
- name: Validate composer.json and composer.lock
|
||||||
|
run: php7.4 $(which composer) validate
|
||||||
|
|
||||||
|
- name: setup templates_c
|
||||||
|
run: mkdir templates_c || true
|
||||||
|
|
||||||
|
- name: touch config.local.php
|
||||||
|
run: touch config.local.php && php -v
|
||||||
|
|
||||||
|
- name: Install dependencies
|
||||||
|
run: php7.4 $(which composer) install --prefer-dist -n
|
||||||
|
|
||||||
|
- name: Build/test
|
||||||
|
run: php7.4 $(which composer) build
|
||||||
|
|
||||||
|
- name: setup coveralls
|
||||||
|
run: mkdir -p build/logs || true
|
||||||
|
|
||||||
|
- name: Coveralls
|
||||||
|
run: vendor/bin/coveralls ./clover.xml || true
|
||||||
|
env:
|
||||||
|
COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }}
|
7
postfixadmin/.gitignore
vendored
Normal file
7
postfixadmin/.gitignore
vendored
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
/config.local.php
|
||||||
|
/templates_c/*.tpl.php
|
||||||
|
/templates_c/*menu.conf.php
|
||||||
|
/vendor/
|
||||||
|
/.php_cs.cache
|
||||||
|
/.idea
|
||||||
|
/composer.lock
|
23
postfixadmin/.php_cs.dist
Normal file
23
postfixadmin/.php_cs.dist
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
$finder = PhpCsFixer\Finder::create()
|
||||||
|
->exclude('lib')
|
||||||
|
->exclude('vendor')
|
||||||
|
->exclude('templates')
|
||||||
|
->exclude('templates_c')
|
||||||
|
->exclude('debian')
|
||||||
|
->files()->notName('config.inc.php')->notName('config.local.php')
|
||||||
|
->in(__DIR__);
|
||||||
|
|
||||||
|
return PhpCsFixer\Config::create()
|
||||||
|
->setFinder($finder)
|
||||||
|
->setRules(array(
|
||||||
|
'@PSR2' => true,
|
||||||
|
'braces' => array(
|
||||||
|
'position_after_functions_and_oop_constructs' => 'same',
|
||||||
|
),
|
||||||
|
'method_argument_space' => false, # don't break formatting in initStruct()
|
||||||
|
'no_spaces_inside_parenthesis' => false, # don't break formatting in initStruct()
|
||||||
|
));
|
||||||
|
|
||||||
|
/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4 ft=php: */
|
33
postfixadmin/.travis.yml
Normal file
33
postfixadmin/.travis.yml
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
language: php
|
||||||
|
php:
|
||||||
|
- 7.2
|
||||||
|
- 7.3
|
||||||
|
- 7.4
|
||||||
|
- 8.0
|
||||||
|
|
||||||
|
services:
|
||||||
|
- mysql
|
||||||
|
- postgresql
|
||||||
|
|
||||||
|
cache:
|
||||||
|
directories:
|
||||||
|
- $HOME/.composer/cache
|
||||||
|
- $HOME/vendor
|
||||||
|
|
||||||
|
before_install:
|
||||||
|
- mysql -e 'CREATE DATABASE postfixadmin;'
|
||||||
|
- psql -c 'create database postfixadmin;' -U postgres
|
||||||
|
|
||||||
|
|
||||||
|
before_script:
|
||||||
|
- travis_retry composer install --no-interaction --prefer-source --dev
|
||||||
|
- mkdir -p build/logs
|
||||||
|
|
||||||
|
script:
|
||||||
|
- composer build
|
||||||
|
- DATABASE=sqlite vendor/bin/phpunit tests/
|
||||||
|
- DATABASE=mysql vendor/bin/phpunit --coverage-clover=build/logs/clover.xml tests/
|
||||||
|
- DATABASE=postgresql vendor/bin/phpunit tests/
|
||||||
|
|
||||||
|
after_success:
|
||||||
|
- travis_retry php vendor/bin/php-coveralls
|
52
postfixadmin/ADDITIONS/README.TXT
Normal file
52
postfixadmin/ADDITIONS/README.TXT
Normal file
|
@ -0,0 +1,52 @@
|
||||||
|
#
|
||||||
|
# Postfix Admin ADDITIONS
|
||||||
|
#
|
||||||
|
|
||||||
|
BEFORE YOU START
|
||||||
|
----------------
|
||||||
|
|
||||||
|
**** ALL THESE SCRIPTS ARE CREATED BY THIRD PARTIES ****
|
||||||
|
**** THEY ARE AS IS, USE AT YOUR OWN RISK! ****
|
||||||
|
|
||||||
|
ADDITIONS
|
||||||
|
---------
|
||||||
|
|
||||||
|
In this directory you will find additional scripts that are build by others.
|
||||||
|
|
||||||
|
- change_password.tgz
|
||||||
|
by George Vieira <george at citadelcomputer dot com dot au>
|
||||||
|
SquirrelMail plugin to change your passwor
|
||||||
|
|
||||||
|
- cleanupdirs.pl
|
||||||
|
by jared bell <jared at beol dot net>
|
||||||
|
Displays a list of mailboxes that need to be deleted
|
||||||
|
|
||||||
|
- mailbox_remover.pl
|
||||||
|
by Petr Znojemsky
|
||||||
|
Deletes all unused mailboxes
|
||||||
|
|
||||||
|
- mkeveryone.pl
|
||||||
|
by Joshua Preston
|
||||||
|
Generate an 'everybody' alias for a domain.
|
||||||
|
|
||||||
|
- pfa_maildir_cleanup.pl
|
||||||
|
by Stephen Fulton <sfulton at esoteric dot ca>
|
||||||
|
Deletes all unused mailboxes
|
||||||
|
|
||||||
|
- postfixadmin-0.3-1.4.tar.gz
|
||||||
|
by Florian Kimmerl <info at spacekoeln dot de>
|
||||||
|
The Postfixadmin SquirrelMail plugin let users change their virtual alias,
|
||||||
|
vacation status/message and password.
|
||||||
|
|
||||||
|
- virtualmaildel.php
|
||||||
|
by George Vieira <george at citadelcomputer dot com dot au>
|
||||||
|
Deletes all unused mailboxes
|
||||||
|
|
||||||
|
- postfixadmin-mailbox-postcreation.sh
|
||||||
|
- postfixadmin-mailbox-postdeletion.sh
|
||||||
|
- postfixadmin-domain-postdeletion.sh
|
||||||
|
by Troels Arvin <troels@arvin.dk>
|
||||||
|
Examples of scripts relevant to the optional
|
||||||
|
$CONF['mailbox_postcreation_script'],
|
||||||
|
$CONF['mailbox_postdeletion_script'] and
|
||||||
|
$CONF['domain_postdeletion_script'] configuration options.
|
BIN
postfixadmin/ADDITIONS/change_password.tgz
Normal file
BIN
postfixadmin/ADDITIONS/change_password.tgz
Normal file
Binary file not shown.
112
postfixadmin/ADDITIONS/cleanupdirs.pl
Normal file
112
postfixadmin/ADDITIONS/cleanupdirs.pl
Normal file
|
@ -0,0 +1,112 @@
|
||||||
|
#!/usr/bin/perl -w
|
||||||
|
|
||||||
|
################################################################################
|
||||||
|
#
|
||||||
|
# cleanupdirs 1.2 by jared bell <jared@beol.net>
|
||||||
|
#
|
||||||
|
# display/remove maildir & domains directory tree's not listed in the postfix
|
||||||
|
# mysql database. currently setup for use with postfixadmin, but can be
|
||||||
|
# adapted. edit settings where it says 'change settings as needed.' by default
|
||||||
|
# this program will display a list of directories which need deleted, nothing
|
||||||
|
# is actually deleted. to change this behavior, look into the command line
|
||||||
|
# arguments.
|
||||||
|
#
|
||||||
|
# command line arguments:
|
||||||
|
# --delete
|
||||||
|
# force automatic deletion of directories. instead of displaying a list
|
||||||
|
# of deleted directories, they will be logged in the specified logfile.
|
||||||
|
# --print
|
||||||
|
# display deleted directories as well as log them. only valid when
|
||||||
|
# '--delete' has been specified.
|
||||||
|
#
|
||||||
|
# settings:
|
||||||
|
# $root_path = "/home/vmail";
|
||||||
|
# if maildir is '/home/vmail/domain.tld/user' then '/home/vmail' is the
|
||||||
|
# $root_path. if your maildirs are '/home/vmail/user@domain.tld' then
|
||||||
|
# this program will need to be modified in order to work right.
|
||||||
|
# $logfile = "/var/log/removed_maildirs.log";
|
||||||
|
# the logfile to use when $delete_old_dirs is set to 1
|
||||||
|
# $db_* = "*";
|
||||||
|
# sets the host, port, database, user and pass to your mysql server
|
||||||
|
#
|
||||||
|
# version history:
|
||||||
|
# 1.2 - removed uneeded settings. added '--print' command line argument
|
||||||
|
# 1.1 - added '--delete' command line argument
|
||||||
|
# 1.0 - initial release
|
||||||
|
#
|
||||||
|
################################################################################
|
||||||
|
|
||||||
|
use strict;
|
||||||
|
use DBI;
|
||||||
|
use File::Path;
|
||||||
|
use Getopt::Long;
|
||||||
|
|
||||||
|
### change settings as needed, see notes above #################################
|
||||||
|
our $root_path = "/home/vmail";
|
||||||
|
our $logfile = "/var/log/removed_maildirs.log";
|
||||||
|
our $db_hostname = "localhost";
|
||||||
|
our $db_port = "3306"; # this script currently supports MySQL only
|
||||||
|
our $db_database = "postfix";
|
||||||
|
our $db_username = "someuser";
|
||||||
|
our $db_password = "somepass";
|
||||||
|
|
||||||
|
# instead of changing this script, you can put your settings to /etc/mail/postfixadmin/cleanupdirs.conf
|
||||||
|
# just use perl syntax there to fill the variables listed above (without the "our" keyword). Example:
|
||||||
|
# $db_username = 'mail';
|
||||||
|
if (-f "/etc/mail/postfixadmin/cleanupdirs.conf") {
|
||||||
|
require "/etc/mail/postfixadmin/cleanupdirs.conf";
|
||||||
|
}
|
||||||
|
|
||||||
|
################################################################################
|
||||||
|
|
||||||
|
### begin program ##############################################################
|
||||||
|
my(@dirs_to_delete, $logfile_open);
|
||||||
|
my $delete_old_dirs = 0; # do not delete by default, use cmdline to change this
|
||||||
|
my $print_also = 0; # also print items when deleting, use cmdline to change this
|
||||||
|
GetOptions ('delete' => \$delete_old_dirs, 'print' => \$print_also);
|
||||||
|
my $conn_info = "DBI:mysql:database=$db_database;hostname=$db_hostname;port=$db_port";
|
||||||
|
my $dbh = DBI->connect($conn_info, $db_username, $db_password)
|
||||||
|
or die $DBI::errstr;
|
||||||
|
opendir DOMAINDIR, $root_path
|
||||||
|
or die "Unable to access directory '$root_path' ($!)";
|
||||||
|
foreach my $domain_dir (sort readdir DOMAINDIR) {
|
||||||
|
next if $domain_dir =~ /^\./; # skip dotted dirs
|
||||||
|
next if (! -d "$root_path/$domain_dir"); # skip everything that is not a directory
|
||||||
|
my $full_domain_dir = "$root_path/$domain_dir";
|
||||||
|
opendir USERDIR, $full_domain_dir
|
||||||
|
or die "Unable to access directory '$full_domain_dir' ($!)";
|
||||||
|
foreach my $user_dir (sort readdir USERDIR) {
|
||||||
|
next if $user_dir =~ /^\./; # skip dotted dirs
|
||||||
|
push @dirs_to_delete, "$full_domain_dir/$user_dir"
|
||||||
|
if &check_dir("SELECT maildir FROM mailbox WHERE maildir = ?",
|
||||||
|
"$domain_dir/$user_dir/"); # end slash needed for checkdir
|
||||||
|
}
|
||||||
|
push @dirs_to_delete, $full_domain_dir
|
||||||
|
if &check_dir("SELECT domain FROM domain WHERE domain = ?", $domain_dir);
|
||||||
|
}
|
||||||
|
closedir USERDIR;
|
||||||
|
closedir DOMAINDIR;
|
||||||
|
$dbh->disconnect;
|
||||||
|
if (@dirs_to_delete) {
|
||||||
|
foreach my $to_delete (@dirs_to_delete) {
|
||||||
|
if ($delete_old_dirs == 1) {
|
||||||
|
$logfile_open = open LOGFILE, ">> $logfile"
|
||||||
|
or die "Unable to append logfile '$logfile' ($!)"
|
||||||
|
unless $logfile_open;
|
||||||
|
rmtree $to_delete;
|
||||||
|
print LOGFILE localtime() . " Deleting directory '$to_delete'\n";
|
||||||
|
print localtime() . " Deleting directory '$to_delete'\n"
|
||||||
|
if $print_also;
|
||||||
|
} else {
|
||||||
|
print localtime() . " Need to delete directory '$to_delete'\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
close LOGFILE if $logfile_open;
|
||||||
|
sub check_dir {
|
||||||
|
my($query, $dir) = @_;
|
||||||
|
my $sth = $dbh->prepare($query);
|
||||||
|
my $num_rows = $sth->execute($dir);
|
||||||
|
$sth->finish;
|
||||||
|
($num_rows eq "0E0") ? 1 : 0;
|
||||||
|
}
|
40
postfixadmin/ADDITIONS/convert-passwd-to-postfixadmin.pl
Normal file
40
postfixadmin/ADDITIONS/convert-passwd-to-postfixadmin.pl
Normal file
|
@ -0,0 +1,40 @@
|
||||||
|
#!/usr/bin/perl -w
|
||||||
|
#
|
||||||
|
# Postfix Admin
|
||||||
|
#
|
||||||
|
# LICENSE
|
||||||
|
# This source file is subject to the GPL license that is bundled with
|
||||||
|
# this package in the file LICENSE.TXT.
|
||||||
|
#
|
||||||
|
# Further details on the project are available at http://postfixadmin.sf.net
|
||||||
|
#
|
||||||
|
# @version $Id$
|
||||||
|
# @license GNU GPL v2 or later.
|
||||||
|
#
|
||||||
|
#
|
||||||
|
# Really crude attempt at taking all users from a local
|
||||||
|
# passwd file (/etc/shadow) and creating postfixadmin mailboxes for them.
|
||||||
|
#
|
||||||
|
# The script outputs some SQL, which you need to then insert into your database
|
||||||
|
# as appropriate.
|
||||||
|
#
|
||||||
|
# Notes:
|
||||||
|
# 1) Change $mydomain and $true as required.
|
||||||
|
# 2) Ideally it should parse /etc/passwd, or call the getpw()? function and
|
||||||
|
# populate someone's name if known.
|
||||||
|
# 3) There's plenty of room for improvement.
|
||||||
|
#
|
||||||
|
# Original author: David Goodwin <david at palepurple-co-uk> - 2007/10/05.
|
||||||
|
#
|
||||||
|
use strict;
|
||||||
|
|
||||||
|
open(FH, '</etc/shadow') or die ('Cannot open shadow file; you need to be root - ' . $!);
|
||||||
|
my $mydomain = "test.com";
|
||||||
|
my $true = "t"; # t for pgsql; 1 for mysql
|
||||||
|
foreach(<FH>) {
|
||||||
|
my ($username, $password) = split(':', $_);
|
||||||
|
next if $password eq '!';
|
||||||
|
next if $password eq '*';
|
||||||
|
my $maildir = "$username\@$mydomain/";
|
||||||
|
print "insert into mailbox (username, password, domain, active, maildir) values ('$username', '$password', '$mydomain', $true, '$maildir');\n";
|
||||||
|
}
|
8
postfixadmin/ADDITIONS/cyrus/Changelog
Normal file
8
postfixadmin/ADDITIONS/cyrus/Changelog
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
|
||||||
|
Version 0.1 -- 26/10/2009
|
||||||
|
---------------------------
|
||||||
|
|
||||||
|
* Public Release.
|
||||||
|
* Postcreation, Postdeletion and Postedit hooks.
|
||||||
|
|
||||||
|
|
7
postfixadmin/ADDITIONS/cyrus/README-ES.txt
Normal file
7
postfixadmin/ADDITIONS/cyrus/README-ES.txt
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
|
||||||
|
Configuración
|
||||||
|
-------------
|
||||||
|
|
||||||
|
- Edita el fichero cyrus.conf y modifica las variables $cyrus_*. El usuario debe tener permisos sobre todas las cuentas.
|
||||||
|
- Edita los ficheros cyrus-*.pl y cambia la ruta de cyrus.conf (linea require '/path/to/cyrus.conf';)
|
||||||
|
|
7
postfixadmin/ADDITIONS/cyrus/README.txt
Normal file
7
postfixadmin/ADDITIONS/cyrus/README.txt
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
|
||||||
|
Configuration
|
||||||
|
-------------
|
||||||
|
|
||||||
|
- Edit cyrus.conf and set $cyrus_* variables correctly. User must have permission over all accounts.
|
||||||
|
- Edit cyrus-*.pl and change path to cyrus.conf (require '/path/to/cyrus.conf'; line)
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue