postfix-lmdb: dropped
This commit is contained in:
parent
0c36846961
commit
1551eb8378
@ -1,180 +0,0 @@
|
||||
drwxr-xr-x root/root etc/
|
||||
drwxr-xr-x root/root etc/postfix-lmdb/
|
||||
-rw-r--r-- root/root etc/postfix-lmdb/CRUX-README.txt
|
||||
-rw-r--r-- root/root etc/postfix-lmdb/LICENSE
|
||||
-rw-r--r-- root/root etc/postfix-lmdb/TLS_LICENSE
|
||||
-rw-r--r-- root/root etc/postfix-lmdb/access
|
||||
-rw-r--r-- root/root etc/postfix-lmdb/aliases
|
||||
-rw-r--r-- root/root etc/postfix-lmdb/bounce.cf.default
|
||||
-rw-r--r-- root/root etc/postfix-lmdb/canonical
|
||||
-rw-r--r-- root/root etc/postfix-lmdb/generic
|
||||
-rw-r--r-- root/root etc/postfix-lmdb/header_checks
|
||||
-rw-r--r-- root/root etc/postfix-lmdb/main.cf
|
||||
-rw-r--r-- root/root etc/postfix-lmdb/main.cf.default
|
||||
-rw-r--r-- root/root etc/postfix-lmdb/main.cf.proto
|
||||
-rw-r--r-- root/root etc/postfix-lmdb/makedefs.out
|
||||
-rw-r--r-- root/root etc/postfix-lmdb/master.cf
|
||||
-rw-r--r-- root/root etc/postfix-lmdb/master.cf.proto
|
||||
-rw-r--r-- root/root etc/postfix-lmdb/postfix-files
|
||||
drwxr-xr-x root/root etc/postfix-lmdb/postfix-files.d/
|
||||
-rw-r--r-- root/root etc/postfix-lmdb/relay_clientcerts
|
||||
-rw-r--r-- root/root etc/postfix-lmdb/relocated
|
||||
-rw-r--r-- root/root etc/postfix-lmdb/sender_restrict
|
||||
-rw-r--r-- root/root etc/postfix-lmdb/transport
|
||||
-rw-r--r-- root/root etc/postfix-lmdb/virtual
|
||||
drwxr-xr-x root/root etc/rc.d/
|
||||
-rwxr-xr-x root/root etc/rc.d/postfix-lmdb
|
||||
drwxr-xr-x root/root usr/
|
||||
drwxr-xr-x root/root usr/bin/
|
||||
lrwxrwxrwx root/root usr/bin/mailq -> ../../usr/sbin/sendmail
|
||||
lrwxrwxrwx root/root usr/bin/newaliases -> ../../usr/sbin/sendmail
|
||||
drwxr-xr-x root/root usr/lib/
|
||||
drwxr-xr-x root/root usr/lib/postfix-lmdb/
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/anvil
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/bounce
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/cleanup
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/discard
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/dnsblog
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/error
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/flush
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/libpostfix-dns.so
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/libpostfix-global.so
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/libpostfix-master.so
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/libpostfix-tls.so
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/libpostfix-util.so
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/lmtp
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/local
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/master
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/nqmgr
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/oqmgr
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/pickup
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/pipe
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/post-install
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/postfix-script
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/postfix-tls-script
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/postfix-wrapper
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/postlogd
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/postmulti-script
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/postscreen
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/proxymap
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/qmgr
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/qmqpd
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/scache
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/showq
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/smtp
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/smtpd
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/spawn
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/tlsmgr
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/tlsproxy
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/trivial-rewrite
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/verify
|
||||
-rwxr-xr-x root/root usr/lib/postfix-lmdb/virtual
|
||||
drwxr-xr-x root/root usr/sbin/
|
||||
-rwxr-xr-x root/root usr/sbin/postalias
|
||||
-rwxr-xr-x root/root usr/sbin/postcat
|
||||
-rwxr-xr-x root/root usr/sbin/postconf
|
||||
-rwxr-xr-x root/root usr/sbin/postdrop
|
||||
-rwxr-xr-x root/root usr/sbin/postfix
|
||||
-rwxr-xr-x root/root usr/sbin/postkick
|
||||
-rwxr-xr-x root/root usr/sbin/postlock
|
||||
-rwxr-xr-x root/root usr/sbin/postlog
|
||||
-rwxr-xr-x root/root usr/sbin/postmap
|
||||
-rwxr-xr-x root/root usr/sbin/postmulti
|
||||
-rwxr-xr-x root/root usr/sbin/postqueue
|
||||
-rwxr-xr-x root/root usr/sbin/postsuper
|
||||
-rwxr-xr-x root/root usr/sbin/sendmail
|
||||
drwxr-xr-x root/root usr/share/
|
||||
drwxr-xr-x root/root usr/share/man/
|
||||
drwxr-xr-x root/root usr/share/man/man1/
|
||||
-rw-r--r-- root/root usr/share/man/man1/mailq.1.gz
|
||||
-rw-r--r-- root/root usr/share/man/man1/newaliases.1.gz
|
||||
-rw-r--r-- root/root usr/share/man/man1/postalias.1.gz
|
||||
-rw-r--r-- root/root usr/share/man/man1/postcat.1.gz
|
||||
-rw-r--r-- root/root usr/share/man/man1/postconf.1.gz
|
||||
-rw-r--r-- root/root usr/share/man/man1/postdrop.1.gz
|
||||
-rw-r--r-- root/root usr/share/man/man1/postfix-tls.1.gz
|
||||
-rw-r--r-- root/root usr/share/man/man1/postfix.1.gz
|
||||
-rw-r--r-- root/root usr/share/man/man1/postkick.1.gz
|
||||
-rw-r--r-- root/root usr/share/man/man1/postlock.1.gz
|
||||
-rw-r--r-- root/root usr/share/man/man1/postlog.1.gz
|
||||
-rw-r--r-- root/root usr/share/man/man1/postmap.1.gz
|
||||
-rw-r--r-- root/root usr/share/man/man1/postmulti.1.gz
|
||||
-rw-r--r-- root/root usr/share/man/man1/postqueue.1.gz
|
||||
-rw-r--r-- root/root usr/share/man/man1/postsuper.1.gz
|
||||
-rw-r--r-- root/root usr/share/man/man1/sendmail.1.gz
|
||||
drwxr-xr-x root/root usr/share/man/man5/
|
||||
-rw-r--r-- root/root usr/share/man/man5/access.5.gz
|
||||
-rw-r--r-- root/root usr/share/man/man5/aliases.5.gz
|
||||
-rw-r--r-- root/root usr/share/man/man5/body_checks.5.gz
|
||||
-rw-r--r-- root/root usr/share/man/man5/bounce.5.gz
|
||||
-rw-r--r-- root/root usr/share/man/man5/canonical.5.gz
|
||||
-rw-r--r-- root/root usr/share/man/man5/cidr_table.5.gz
|
||||
-rw-r--r-- root/root usr/share/man/man5/generic.5.gz
|
||||
-rw-r--r-- root/root usr/share/man/man5/header_checks.5.gz
|
||||
-rw-r--r-- root/root usr/share/man/man5/ldap_table.5.gz
|
||||
-rw-r--r-- root/root usr/share/man/man5/lmdb_table.5.gz
|
||||
-rw-r--r-- root/root usr/share/man/man5/master.5.gz
|
||||
-rw-r--r-- root/root usr/share/man/man5/memcache_table.5.gz
|
||||
-rw-r--r-- root/root usr/share/man/man5/mysql_table.5.gz
|
||||
-rw-r--r-- root/root usr/share/man/man5/nisplus_table.5.gz
|
||||
-rw-r--r-- root/root usr/share/man/man5/pcre_table.5.gz
|
||||
-rw-r--r-- root/root usr/share/man/man5/pgsql_table.5.gz
|
||||
-rw-r--r-- root/root usr/share/man/man5/postconf.5.gz
|
||||
-rw-r--r-- root/root usr/share/man/man5/postfix-wrapper.5.gz
|
||||
-rw-r--r-- root/root usr/share/man/man5/regexp_table.5.gz
|
||||
-rw-r--r-- root/root usr/share/man/man5/relocated.5.gz
|
||||
-rw-r--r-- root/root usr/share/man/man5/socketmap_table.5.gz
|
||||
-rw-r--r-- root/root usr/share/man/man5/sqlite_table.5.gz
|
||||
-rw-r--r-- root/root usr/share/man/man5/tcp_table.5.gz
|
||||
-rw-r--r-- root/root usr/share/man/man5/transport.5.gz
|
||||
-rw-r--r-- root/root usr/share/man/man5/virtual.5.gz
|
||||
drwxr-xr-x root/root usr/share/man/man8/
|
||||
-rw-r--r-- root/root usr/share/man/man8/anvil.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/bounce.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/cleanup.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/defer.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/discard.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/dnsblog.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/error.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/flush.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/lmtp.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/local.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/master.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/oqmgr.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/pickup.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/pipe.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/postlogd.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/postscreen.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/proxymap.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/qmgr.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/qmqpd.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/scache.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/showq.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/smtp.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/smtpd.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/spawn.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/tlsmgr.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/tlsproxy.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/trace.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/trivial-rewrite.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/verify.8.gz
|
||||
-rw-r--r-- root/root usr/share/man/man8/virtual.8.gz
|
||||
drwxr-xr-x root/root var/
|
||||
drwxr-xr-x root/root var/lib/
|
||||
drwx------ root/root var/lib/postfix-lmdb/
|
||||
drwxr-xr-x root/root var/spool/
|
||||
drwxr-xr-x root/root var/spool/postfix-lmdb/
|
||||
drwx------ root/root var/spool/postfix-lmdb/active/
|
||||
drwx------ root/root var/spool/postfix-lmdb/bounce/
|
||||
drwx------ root/root var/spool/postfix-lmdb/corrupt/
|
||||
drwx------ root/root var/spool/postfix-lmdb/defer/
|
||||
drwx------ root/root var/spool/postfix-lmdb/deferred/
|
||||
drwx------ root/root var/spool/postfix-lmdb/flush/
|
||||
drwx------ root/root var/spool/postfix-lmdb/hold/
|
||||
drwx------ root/root var/spool/postfix-lmdb/incoming/
|
||||
drwx-wx--- root/root var/spool/postfix-lmdb/maildrop/
|
||||
drwxr-xr-x root/root var/spool/postfix-lmdb/pid/
|
||||
drwx------ root/root var/spool/postfix-lmdb/private/
|
||||
drwx--x--- root/root var/spool/postfix-lmdb/public/
|
||||
drwx------ root/root var/spool/postfix-lmdb/saved/
|
||||
drwx------ root/root var/spool/postfix-lmdb/trace/
|
@ -1,17 +0,0 @@
|
||||
untrusted comment: verify with /etc/ports/contrib.pub
|
||||
RWSagIOpLGJF37JkVc144j0BdgrNRkQ4YS1j1ZUhbYiRzla5Z486wG/67QYX97nKPwvM6wK9ifJY4l4PdicWmbcPIIVJBEutSQQ=
|
||||
SHA256 (Pkgfile) = 18fcdeeb8faf6526260fac657c5d26381b8c014b3f48f8056d8913879a0b075a
|
||||
SHA256 (.footprint) = c4bef46624508b9105e8c5816c322560a560c09e9c5507509eb95c886d52a387
|
||||
SHA256 (postfix-3.7.3.tar.gz) = d22f3d37ef75613d5d573b56fc51ef097f2c0d0b0e407923711f71c1fb72911b
|
||||
SHA256 (lmdb-default.patch) = 11f42333ae0640a3ca579463ed28007973693b93bc734b5d82225fcb516bf05e
|
||||
SHA256 (postfix-install.patch) = 7185d2b2e4d7cc090b958c1d372c16e15f274465e2123686a0d97db20e2b5943
|
||||
SHA256 (post-install) = 16dfda7fc118659d5ed83d4a0f683c730b0de723f9700806666532efa2502957
|
||||
SHA256 (postfix.rc) = 5ac60205a95faf4633c64bc60d2689f654b997932e3bbc1204b66df7b5dce1d2
|
||||
SHA256 (README) = f0b40f97977607b7fd50791f611396ac0efb747227dd4063e05be914d23c7ded
|
||||
SHA256 (aliases) = 60ae98d869800055b248c32c183a1836cc5a698cf337cb7ad734e862ae80e95a
|
||||
SHA256 (relay_clientcerts) = 2aa69a949c06826e2f5a760791fb5cebb37e6797613270fd11381c33afa38297
|
||||
SHA256 (client_restrict) = 9496a99f6714625c5883a41f8a5f9db8aa43199ef2167c18d83a2b39469622e3
|
||||
SHA256 (sender_access) = c9b9b86c985facdc18e6bfe436c78340174fc315478e578d82c956e35355e678
|
||||
SHA256 (sender_restrict) = 9b672511eac1971f8cd72b045e200aac8e0fe6407f1a055085fc1b85c1f24ed7
|
||||
SHA256 (main-addon.cf) = 9b76d29773fec26c3500df9203b5740ca52b44d5fc62d8c80da518f5959e6063
|
||||
SHA256 (master.patch) = 096b53869e8a55c8971b6ab055c170f5dc7dc676e254e5780dbdfab2a145947c
|
@ -1,103 +0,0 @@
|
||||
# Description: Secure and fast drop-in replacement for Sendmail (MTA)
|
||||
# URL: https://www.postfix.org/
|
||||
# Maintainer: Steffen Nurpmeso, steffen at sdaoden dot eu
|
||||
# Depends on: libpcre2 lmdb openssl
|
||||
# Optional: dovecot cyrus-sasl
|
||||
|
||||
rname=postfix
|
||||
name=postfix-lmdb
|
||||
version=3.7.3
|
||||
release=1
|
||||
source=(
|
||||
https://de.${rname}.org/ftpmirror/official/${rname}-${version}.tar.gz
|
||||
lmdb-default.patch
|
||||
postfix-install.patch
|
||||
post-install
|
||||
${rname}.rc
|
||||
README
|
||||
aliases
|
||||
relay_clientcerts
|
||||
client_restrict sender_access sender_restrict
|
||||
main-addon.cf master.patch
|
||||
)
|
||||
|
||||
build() {
|
||||
cd ${rname}-${version}
|
||||
|
||||
patch -p1 < "${SRC}"/lmdb-default.patch
|
||||
patch -p1 < "${SRC}"/postfix-install.patch
|
||||
|
||||
cca='-DNO_DB -DNO_EAI -DNO_NIS -DNO_NISPLUS -DUSE_TLS'
|
||||
cca=${cca}' -DHAS_LMDB -DDEF_DB_TYPE=\"lmdb\"'
|
||||
cca=${cca}' -DHAS_PCRE=2 '"$(pcre2-config --cflags)"
|
||||
aux=
|
||||
|
||||
if prt-get isinst dovecot; then # TODO UNTESTED!
|
||||
cca=${cca}' -DUSE_SASL_AUTH -DDEF_SASL_SERVER=dovecot'
|
||||
fi
|
||||
|
||||
if prt-get isinst cyrus-sasl; then # TODO UNTESTED!
|
||||
cca=${cca}' -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl'
|
||||
aux=${aux}' -lsasl2'
|
||||
fi
|
||||
|
||||
unset LD_LIBRARY_PATH
|
||||
make tidy
|
||||
make pie=yes shared=yes \
|
||||
DEBUG= \
|
||||
CCARGS="${cca}" \
|
||||
OPT="${CFLAGS}" \
|
||||
AUXLIBS_LMDB=-llmdb \
|
||||
AUXLIBS_PCRE="$(pkg-config --libs libpcre2-8)" \
|
||||
AUXLIBS="-lssl -lcrypto" \
|
||||
${aux} \
|
||||
install_root="${PKG}" \
|
||||
command_directory=/usr/sbin \
|
||||
config_directory=/etc/${name} \
|
||||
daemon_directory=/usr/lib/${name} \
|
||||
data_directory=/var/lib/${name} \
|
||||
html_directory=no \
|
||||
mail_spool_directory=/var/spool/mail \
|
||||
manpage_directory=/usr/share/man \
|
||||
meta_directory=/etc/${name} \
|
||||
queue_directory=/var/spool/${name} \
|
||||
readme_directory=no \
|
||||
shlib_directory=/usr/lib/${name} \
|
||||
makefiles
|
||||
|
||||
make OPT="$CFLAGS"
|
||||
|
||||
make \
|
||||
install_root="${PKG}" \
|
||||
command_directory=/usr/sbin \
|
||||
config_directory=/etc/${name} \
|
||||
daemon_directory=/usr/lib/${name} \
|
||||
data_directory=/var/lib/${name} \
|
||||
html_directory=no \
|
||||
mail_spool_directory=/var/spool/mail \
|
||||
manpage_directory=/usr/share/man \
|
||||
meta_directory=/etc/${name} \
|
||||
queue_directory=/var/spool/${name} \
|
||||
readme_directory=no \
|
||||
shlib_directory=/usr/lib/${name} \
|
||||
non-interactive-package
|
||||
|
||||
install -D -m 0755 "${SRC}"/${rname}.rc "${PKG}"/etc/rc.d/${name}
|
||||
install -m 0644 "${SRC}"/aliases "${PKG}"/etc/${name}/aliases
|
||||
install -m 0644 "${SRC}"/README "${PKG}"/etc/${name}/CRUX-README.txt
|
||||
install -m 0644 "${SRC}"/relay_clientcerts \
|
||||
"${PKG}"/etc/${name}/relay_clientcerts
|
||||
install -m 0644 "${SRC}"/sender_restrict \
|
||||
"${PKG}"/etc/${name}/sender_restrict
|
||||
sed -E -i'' \
|
||||
-e 's/^(setgid_group.+)$/#\1/' \
|
||||
-e 's/^(inet_protocols.+)$/#\1/' \
|
||||
"${PKG}"/etc/${name}/main.cf
|
||||
cat "${SRC}"/main-addon.cf >> "${PKG}"/etc/${name}/main.cf
|
||||
(
|
||||
cd "${PKG}"/etc/${name}
|
||||
patch -p0 < "${SRC}"/master.patch
|
||||
)
|
||||
}
|
||||
|
||||
# s-sh-mode
|
@ -1,131 +0,0 @@
|
||||
|
||||
The CRUX postfix package
|
||||
========================
|
||||
|
||||
* Abstract
|
||||
* TLS
|
||||
* SmartHost
|
||||
* Relay
|
||||
* DNS black lists
|
||||
* Gray listing
|
||||
* Address verification
|
||||
|
||||
Abstract
|
||||
--------
|
||||
|
||||
- Fully configured for "sailing in the wind".
|
||||
- Only listens to SMTP by default, but.
|
||||
- A few knobs can be turned here and there for more, see below.
|
||||
|
||||
Remember to run "postmap FILE" after you have updated table files,
|
||||
and "newaliases" or "postalias FILE" after changing alias files.
|
||||
|
||||
TLS
|
||||
---
|
||||
|
||||
tlsproxy(8) for connection tracking is running by default.
|
||||
To be identifiable generate a private key with certificate, either via
|
||||
|
||||
openssl genpkey -algorithm ed25519 -out prv.pem
|
||||
#openssl pkey -in prv.pem -pubout -out pub.pem
|
||||
openssl req -x509 -key prv.pem -out crt.pem
|
||||
|
||||
or
|
||||
|
||||
openssl req -x509 -nodes -newkey ed25519 -keyout prv.pem -out crt.pem
|
||||
|
||||
This is self-signed (which might be sufficient for client certificate
|
||||
identification as below). Also create DH parameters
|
||||
|
||||
openssl dhparam -out dh2048.pem 2048
|
||||
|
||||
Move all these to a save place. Do
|
||||
|
||||
cat prv.pem crt.pem > /etc/postfix-lmdb/key_and_cert.pem
|
||||
cp dh2048.pem /etc/postfix-lmdb/dh2048.pem
|
||||
|
||||
Make them root:root and 0600.
|
||||
Edit main.cf: uncomment all lines marked #TLS.
|
||||
Edit master.cf and ditto.
|
||||
Run "/etc/rc.d/postfix-lmdb reload" (or restart).
|
||||
|
||||
SmartHost
|
||||
---------
|
||||
|
||||
For laptops or hosts without their own hostname using a smart host which
|
||||
does the real delivery is usually the thing.
|
||||
|
||||
Edit main.cf and uncomment and edit lines marked #SMART.
|
||||
Run "/etc/rc.d/postfix-lmdb reload" (or restart).
|
||||
|
||||
Authentication to the smart host is not covered by the default
|
||||
configuration, with TLS as above however it may be possible to go
|
||||
via client certificates shall the relayhost allow this, see below.
|
||||
I.e., just reuse key_and_cert.pem "also" for this. Just uncomment the
|
||||
according lines.
|
||||
|
||||
Note it seems wise to go the $smtp_tls_fingerprint_cert_match approach
|
||||
to verify $relayhost, because the $smtp_tls_CAfile way requires a full
|
||||
chain, to the best of my knowledge.
|
||||
|
||||
You need to have cyrus-sasl installed otherwise (usually), and also
|
||||
dovecot that drives the SASL authentication. The default configuration
|
||||
contains the necessary entries, you should only need to adjust and
|
||||
uncomment it. Just search #SMART.
|
||||
|
||||
Relay
|
||||
-----
|
||||
|
||||
The default configuration only allows mails that address $mydestination
|
||||
aka the local host, or shall be relayed to $mynetworks (set to the
|
||||
IPv4 private address range).
|
||||
|
||||
Not covering SASL authentification of clients, the default configuration
|
||||
ships support for client certificate fingerprint matching, in order to
|
||||
allow clients which authenticate themselves to relay mail to anywhere.
|
||||
Edit main.cf and uncomment and edit lines marked #RELAY.
|
||||
Run "/etc/rc.d/postfix-lmdb reload" (or restart).
|
||||
|
||||
Put the fingerprints in /etc/postfix-lmdb/relay_clientcerts as shown.
|
||||
Calculate them via
|
||||
|
||||
openssl x509 -noout -sha256 -fingerprint < CERT.pem
|
||||
or
|
||||
openssl x509 -outform DER -in CERT.pem | openssl dgst -sha256 -c
|
||||
|
||||
It seems to support public-key-only fingerprinting also.
|
||||
|
||||
You need to have cyrus-sasl installed otherwise (usually), and also
|
||||
dovecot that drives the SASL authentication. The default configuration
|
||||
contains the necessary entries, you should only need to adjust and
|
||||
uncomment it. See above for SmartHost.
|
||||
|
||||
DNS deny lists
|
||||
--------------
|
||||
|
||||
. Edit main.cf and uncomment and edit lines marked #DNSDL.
|
||||
. Run "/etc/rc.d/postfix-lmdb reload" (or restart).
|
||||
|
||||
Gray listing
|
||||
------------
|
||||
|
||||
. Install s-postgray, and create a minimal configuration file.
|
||||
. Edit main.cf and uncomment and edit lines marked #GRAY.
|
||||
. Run "/etc/rc.d/postfix-lmdb reload" (or restart).
|
||||
. Track your logs to fill in configuration some days or weeks.
|
||||
. Remove "-c 0" s-postgray command line option from master.cf.
|
||||
|
||||
Address verification
|
||||
--------------------
|
||||
|
||||
. Unless you use gray listing with --msg-allow=permit allowance, and
|
||||
have a completed set of allowlisted entries, you should read postfix's
|
||||
README_FILES/ADDRESS_VERIFICATION_README.
|
||||
. Edit main.cf and uncomment and edit lines marked #VERIFY.
|
||||
If gray listing is enabled, you could reconfigure it to not include
|
||||
recipients but only senders and client addresses via --focus-sender;
|
||||
then, change GRAY and VERIFY to happen in smtpd_sender_restrictions
|
||||
not smtpd_recipient_restrictions.
|
||||
. Run "/etc/rc.d/postfix-lmdb reload" (or restart).
|
||||
|
||||
# s-ts-mode
|
@ -1,96 +0,0 @@
|
||||
#
|
||||
# Sample aliases file. Install in the location as specified by the
|
||||
# output from the command "postconf alias_maps". Typical path names
|
||||
# are /etc/aliases or /etc/mail/aliases.
|
||||
#
|
||||
# >>>>>>>>>> The program "newaliases" must be run after
|
||||
# >> NOTE >> this file is updated for any changes to
|
||||
# >>>>>>>>>> show through to Postfix.
|
||||
#
|
||||
|
||||
# Person who should get root's mail. Don't receive mail as root!
|
||||
#root: you
|
||||
|
||||
# Basic system aliases -- these MUST be present
|
||||
MAILER-DAEMON: postmaster
|
||||
postmaster: root
|
||||
|
||||
# General redirections for pseudo accounts
|
||||
bin: root
|
||||
daemon: root
|
||||
named: root
|
||||
nobody: root
|
||||
uucp: root
|
||||
www: root
|
||||
ftp-bugs: root
|
||||
postfix: root
|
||||
|
||||
# Put your local aliases here.
|
||||
|
||||
# Well-known aliases
|
||||
manager: root
|
||||
dumper: root
|
||||
operator: root
|
||||
abuse: postmaster
|
||||
|
||||
# trap decode to catch security attacks
|
||||
decode: root
|
||||
|
||||
# ALIASES(5) ALIASES(5)
|
||||
# o An alias definition has the form
|
||||
#
|
||||
# name: value1, value2, ...
|
||||
#
|
||||
# o Empty lines and whitespace-only lines are ignored,
|
||||
# as are lines whose first non-whitespace character
|
||||
# is a `#'.
|
||||
#
|
||||
# o A logical line starts with non-whitespace text. A
|
||||
# line that starts with whitespace continues a logi-
|
||||
# cal line.
|
||||
#
|
||||
# The name is a local address (no domain part). Use double
|
||||
# quotes when the name contains any special characters such
|
||||
# as whitespace, `#', `:', or `@'. The name is folded to
|
||||
# lowercase, in order to make database lookups case insensi-
|
||||
# tive.
|
||||
# The value contains one or more of the following:
|
||||
#
|
||||
# address
|
||||
# Mail is forwarded to address, which is compatible
|
||||
# with the RFC 822 standard.
|
||||
#
|
||||
# /file/name
|
||||
# Mail is appended to /file/name. See local(8) for
|
||||
# details of delivery to file. Delivery is not lim-
|
||||
# ited to regular files. For example, to dispose of
|
||||
# unwanted mail, deflect it to /dev/null.
|
||||
#
|
||||
# |command
|
||||
# Mail is piped into command. Commands that contain
|
||||
# special characters, such as whitespace, should be
|
||||
# enclosed between double quotes. See local(8) for
|
||||
# details of delivery to command.
|
||||
#
|
||||
# When the command fails, a limited amount of command
|
||||
# output is mailed back to the sender. The file
|
||||
# /usr/include/sysexits.h defines the expected exit
|
||||
# status codes. For example, use "|exit 67" to simu-
|
||||
# late a "user unknown" error, and "|exit 0" to
|
||||
# implement an expensive black hole.
|
||||
#
|
||||
# :include:/file/name
|
||||
# Mail is sent to the destinations listed in the
|
||||
# named file. Lines in :include: files have the same
|
||||
# syntax as the right-hand side of alias entries.
|
||||
#
|
||||
# A destination can be any destination that is
|
||||
# described in this manual page. However, delivery to
|
||||
# "|command" and /file/name is disallowed by default.
|
||||
# To enable, edit the allow_mail_to_commands and
|
||||
# allow_mail_to_files configuration parameters.
|
||||
# SEE ALSO
|
||||
# local(8), local delivery agent
|
||||
# newaliases(1), create/update alias database
|
||||
# postalias(1), create/update alias database
|
||||
# postconf(5), configuration parameters
|
@ -1,2 +0,0 @@
|
||||
# See access(5) for format (REJECT,OK,HOLD,DUNNO)
|
||||
|
@ -1,27 +0,0 @@
|
||||
Upstream: Not applicable
|
||||
Reason: Make LMDB the default configuration
|
||||
|
||||
Author: Duncan Bellamy <dunk@denkimushi.com>
|
||||
|
||||
diff --git a/src/global/mail_params.h b/src/global/mail_params.h
|
||||
index a6119f1..9639c60 100644
|
||||
--- a/src/global/mail_params.h
|
||||
+++ b/src/global/mail_params.h
|
||||
@@ -2826,7 +2826,7 @@ extern int var_vrfy_pend_limit;
|
||||
extern char *var_verify_service;
|
||||
|
||||
#define VAR_VERIFY_MAP "address_verify_map"
|
||||
-#define DEF_VERIFY_MAP "btree:$data_directory/verify_cache"
|
||||
+#define DEF_VERIFY_MAP "lmdb:$data_directory/verify_cache"
|
||||
extern char *var_verify_map;
|
||||
|
||||
#define VAR_VERIFY_POS_EXP "address_verify_positive_expire_time"
|
||||
@@ -3594,7 +3594,7 @@ extern char *var_multi_cntrl_cmds;
|
||||
* postscreen(8)
|
||||
*/
|
||||
#define VAR_PSC_CACHE_MAP "postscreen_cache_map"
|
||||
-#define DEF_PSC_CACHE_MAP "btree:$data_directory/postscreen_cache"
|
||||
+#define DEF_PSC_CACHE_MAP "lmdb:$data_directory/postscreen_cache"
|
||||
extern char *var_psc_cache_map;
|
||||
|
||||
#define VAR_SMTPD_SERVICE "smtpd_service_name"
|
@ -1,286 +0,0 @@
|
||||
|
||||
### CRUX-ADDON
|
||||
|
||||
default_privs = _postfix_xlocal
|
||||
setgid_group = _postfix_queue
|
||||
mail_spool_directory = /var/spool/mail
|
||||
alias_database = lmdb:$meta_directory/aliases
|
||||
alias_maps = $alias_database
|
||||
# all # or ipv4, ipv6 or ipv4 or ipv6
|
||||
inet_protocols = all
|
||||
|
||||
#myhostname = crux-box # default: gethostname
|
||||
#mydomain = localdomain # default: $myhostname less one component
|
||||
#myorigin = $mydomain
|
||||
# , lists.$myhostname
|
||||
mydestination = $myhostname, localhost.$mydomain, localhost
|
||||
mynetworks_style = host
|
||||
|
||||
# mynetworks: which addresses we treat as belonging to "our network".
|
||||
# RFC 1918 defines several "address ranges for private internets",
|
||||
# one class A, 16 class B, 256 class C networks:
|
||||
# 10.0.0.0 - 10.255.255.255 (10/8 prefix)
|
||||
# 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
|
||||
# 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
|
||||
# In practice these are used by WLAN and other such networks, which is not
|
||||
# "our" per se. RFC 5737 defines several blocks "reserved for documentation"
|
||||
# that SHOULD NOT occur on the public internet, so they should be blocked on
|
||||
# ingress and better not leave on egress, but they can be assigned to local
|
||||
# namespaces etc., and be used within VPNs:
|
||||
# 192.0.2.0 - 192.0.2.255 (192.0.2.0/24, TEST-NET-1, from RFC 1166)
|
||||
# 198.51.100.0 - 198.51.100.255 (198.51.100.0/24, TEST-NET-2)
|
||||
# 203.0.113.0 - 203.0.113.255 (203.0.113.0/24, TEST-NET-3)
|
||||
# Dunno how to specify IPv6 link-local and site-local
|
||||
#mynetworks = 192.0.2.0/24 198.51.100.0/24 203.0.113.0/24 127.0.0.0/8
|
||||
mynetworks = 127.0.0.0/8
|
||||
|
||||
#inet_interfaces = localhost
|
||||
#inet_interfaces = $myhostname, localhost
|
||||
inet_interfaces = all
|
||||
#debug_peer_list = localhost
|
||||
|
||||
smtputf8_enable = no
|
||||
disable_vrfy_command = yes
|
||||
default_verp_delimiters = -=
|
||||
verp_delimiter_filter = -=
|
||||
recipient_delimiter = +
|
||||
|
||||
default_process_limit = 8
|
||||
anvil_rate_time_unit = 60s
|
||||
anvil_status_update_time = 3600s
|
||||
#n_flow_delay = 1s
|
||||
body_checks_size_limit = 102400
|
||||
bounce_size_limit = 50000
|
||||
#header_size_limit = 102400
|
||||
mailbox_size_limit = 100000000
|
||||
message_size_limit = 442000
|
||||
|
||||
## TLSPROXY(8) (where diverging from daemon / client)
|
||||
|
||||
tls_append_default_CA = no
|
||||
|
||||
## POSTFIX DAEMON
|
||||
|
||||
# Calculate:
|
||||
# openssl x509 -noout -sha256 -fingerprint < CERT.pem
|
||||
# OR
|
||||
# openssl x509 -outform DER -in CERT.pem | openssl dgst -sha256 -c
|
||||
# Put the hash only in relay_clientcerts, right hand value is not inspected:
|
||||
# FINGERPRINT-HERE whatever value
|
||||
# Search #RELAY for this, uncomment
|
||||
#RELAY relay_clientcerts = lmdb:$meta_directory/relay_clientcerts
|
||||
# relay_domains <-> reject_unauth_destination,permit_auth_destination
|
||||
# eg lmdb:$meta_directory/transport
|
||||
transport_maps =
|
||||
relay_domains = $mynetworks,$transport_maps
|
||||
|
||||
# Only localhost for mailing-lists etc.; maybe $mynetworks?
|
||||
smtpd_authorized_verp_clients = 127.0.0.1
|
||||
|
||||
# Clients connection checks
|
||||
smtpd_client_restrictions =
|
||||
# permit_inet_interfaces, OR
|
||||
permit_mynetworks,
|
||||
#RELAY permit_tls_clientcerts,
|
||||
#[RELAY] permit_sasl_authenticated,
|
||||
check_client_access lmdb:$meta_directory/client_restrict,
|
||||
reject_unknown_client_hostname,
|
||||
# in case you want reject DNS blacklists rather than greylist them,
|
||||
# exchange sleep (maybe) and uncomment the lines below
|
||||
sleep 1,
|
||||
#reject_rbl_client cbl.abuseat.org,
|
||||
#reject_rbl_client sbl.spamhaus.org,
|
||||
#DNSDL reject_rbl_client zen.spamhaus.org,
|
||||
#DNSDL reject_rbl_client dnsbl.sorbs.net,
|
||||
#reject_rbl_client bl.spamcop.net,
|
||||
#reject_rbl_client list.dsbl.org,
|
||||
reject_unauth_pipelining,
|
||||
#reject
|
||||
permit
|
||||
|
||||
smtpd_data_restrictions =
|
||||
reject_unauth_pipelining,
|
||||
permit
|
||||
|
||||
smtpd_helo_restrictions =
|
||||
# permit_inet_interfaces, OR
|
||||
permit_mynetworks,
|
||||
#RELAY permit_tls_clientcerts,
|
||||
#[RELAY] permit_sasl_authenticated,
|
||||
reject_invalid_helo_hostname,
|
||||
reject_non_fqdn_helo_hostname,
|
||||
reject_unknown_helo_hostname,
|
||||
permit
|
||||
|
||||
# MAIL FROM Checks
|
||||
smtpd_sender_restrictions =
|
||||
# permit_inet_interfaces, OR
|
||||
permit_mynetworks,
|
||||
#RELAY reject_authenticated_sender_login_mismatch,
|
||||
#RELAY permit_tls_clientcerts,
|
||||
#[RELAY] permit_sasl_authenticated,
|
||||
reject_non_fqdn_sender,
|
||||
# Total no-goes database, eg: qq.com reject
|
||||
check_sender_access lmdb:$meta_directory/sender_restrict,
|
||||
reject_unknown_sender_domain,
|
||||
reject_unknown_reverse_client_hostname,
|
||||
#GRAY: with --focus-sender only! And --msg-allow=permit
|
||||
#GRAY check_policy_service unix:private/postgray,
|
||||
#VERIFY(..then) reject_unverified_sender,
|
||||
permit
|
||||
|
||||
smtpd_relay_before_recipient_restrictions = yes
|
||||
|
||||
# RCPT TO checks, relay policy
|
||||
# Local clients and authenticated clients may specify any destination domain
|
||||
smtpd_relay_restrictions =
|
||||
# permit_inet_interfaces, OR
|
||||
permit_mynetworks,
|
||||
#RELAY permit_tls_clientcerts,
|
||||
#[RELAY] permit_sasl_authenticated,
|
||||
reject_non_fqdn_recipient,
|
||||
#permit_auth_destination,
|
||||
#reject
|
||||
reject_unauth_destination,
|
||||
permit
|
||||
|
||||
# RCPT TO checks, spam blocking policy
|
||||
# Match fast for $mynetworks and authenticated clients.
|
||||
smtpd_recipient_restrictions =
|
||||
# permit_inet_interfaces, OR
|
||||
permit_mynetworks,
|
||||
#RELAY permit_tls_clientcerts,
|
||||
#[RELAY] permit_sasl_authenticated,
|
||||
reject_unknown_recipient_domain,
|
||||
# DB of MAIL FROM's without policy server checks (one way, or another)
|
||||
check_sender_access lmdb:$meta_directory/sender_access,
|
||||
#check_policy_service inet:127.0.0.1:5525,
|
||||
#GRAY: without --focus-sender
|
||||
#GRAY check_policy_service unix:private/postgray,
|
||||
#VERIFY(..then) reject_unverified_sender,
|
||||
#(VERIFY would not) reject_unverified_recipient,
|
||||
permit
|
||||
|
||||
# i would turn that on..
|
||||
#smtpd_delay_reject = no
|
||||
smtpd_helo_required = yes
|
||||
smtpd_hard_error_limit = 2
|
||||
smtpd_soft_error_limit = 1
|
||||
smtpd_per_record_deadline = yes
|
||||
smtpd_timeout = 15s
|
||||
smtpd_starttls_timeout = 15s
|
||||
smtpd_junk_command_limit = 5
|
||||
#smtpd_log_access_permit_actions =
|
||||
# permit_tls_clientcerts,
|
||||
# permit_sasl_authenticated
|
||||
#smtpd_client_connection_rate_limit = 20
|
||||
#smtpd_client_connection_count_limit = 2
|
||||
|
||||
#VERIFY address_verify_map = lmdb:$data_directory/verify_cache
|
||||
#VERIFY address_verify_cache_cleanup_interval = 86400s
|
||||
|
||||
#TLS Do not forget to look into master.cf!
|
||||
# That one is for client certificates!
|
||||
#smtpd_tls_CAfile = /etc/dovecot/cert.pem
|
||||
#TLS smtpd_tls_chain_files = $meta_directory/key_and_cert.pem
|
||||
#TLS smtpd_tls_dh1024_param_file = $meta_directory/dh2048.pem
|
||||
# This are managed per-service in master.cf!
|
||||
#smtpd_tls_security_level = none
|
||||
#RELAY smtpd_tls_ask_ccert = yes
|
||||
smtpd_tls_ask_ccert = no
|
||||
smtpd_tls_auth_only = yes
|
||||
smtpd_tls_loglevel = 1
|
||||
#SMART The next is usually nice but when using client certificates
|
||||
smtpd_tls_received_header = no
|
||||
smtpd_tls_fingerprint_digest = sha256
|
||||
smtpd_tls_mandatory_protocols = >=TLSv1.2
|
||||
smtpd_tls_protocols = $smtpd_tls_mandatory_protocols
|
||||
smtpd_tls_mandatory_ciphers = medium
|
||||
smtpd_tls_mandatory_exclude_ciphers =
|
||||
aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH,
|
||||
EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, CBC3-SHA
|
||||
smtpd_tls_ciphers = $smtpd_tls_mandatory_ciphers
|
||||
smtpd_tls_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers
|
||||
smtpd_tls_session_cache_database = lmdb:$data_directory/smtpd_scache
|
||||
smtpd_tls_session_cache_timeout = 3600s
|
||||
|
||||
# Usually enabled per-service in master.cf!
|
||||
#smtpd_sasl_auth_enable = yes
|
||||
smtpd_sasl_auth_enable = no
|
||||
smtpd_sasl_type = dovecot
|
||||
smtpd_sasl_path = private/auth
|
||||
smtpd_sasl_local_domain = $myhostname
|
||||
smtpd_sasl_security_options = noanonymous, noplaintext
|
||||
smtpd_sasl_tls_security_options = noanonymous
|
||||
|
||||
## POSTFIX CLIENT
|
||||
|
||||
#TLS comment out next
|
||||
#SMART comment out next
|
||||
smtp_tls_security_level = may
|
||||
# To always go directly SMTPS/SUBMISSIONS
|
||||
#smtp_tls_wrappermode = yes
|
||||
smtp_tls_fingerprint_digest = $smtpd_tls_fingerprint_digest
|
||||
smtp_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols
|
||||
smtp_tls_protocols = $smtpd_tls_protocols
|
||||
#SMART When only relaying to smarthost, the next should be =high
|
||||
#SMART smtp_tls_mandatory_ciphers = high
|
||||
smtp_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
|
||||
smtp_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers
|
||||
smtp_tls_ciphers = $smtpd_tls_ciphers
|
||||
smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
|
||||
smtp_tls_connection_reuse = yes
|
||||
smtp_tls_session_cache_database = lmdb:$data_directory/smtp_scache
|
||||
smtp_tls_session_cache_timeout = $smtpd_tls_session_cache_timeout
|
||||
|
||||
#smtp_sasl_auth_enable = $smtpd_sasl_auth_enable
|
||||
#smtp_sasl_type = $smtpd_sasl_type
|
||||
#smtp_sasl_path = $smtpd_sasl_path
|
||||
#smtp_sasl_mechanism_filter = !external
|
||||
#smtp_sasl_security_options = $smtpd_sasl_security_options
|
||||
#smtp_sasl_tls_security_options = $smtpd_sasl_tls_security_options
|
||||
#smtp_sasl_mechanism_filter = plain, login
|
||||
|
||||
# For laptops etc, rely on smarthost to do real delivery.
|
||||
# One or more destinations in the form of a domain name, hostname,
|
||||
# hostname:port, [hostname]:port, [hostaddress] or [hostaddress]:port,
|
||||
# separated by comma or whitespace. The form [hostname] turns off MX lookups
|
||||
# check man(5) postconf -> local_header_rewrite_clients;
|
||||
# "Or", i.e., for mail(1): use "-r myname@mydesired.host"
|
||||
#SMART relayhost = [HOST]:submissions
|
||||
#SMART Next only when going directly SMTPS/SUBMISSIONS
|
||||
#SMART smtp_tls_wrappermode = yes
|
||||
#SMART smtp_tls_chain_files = $smtpd_tls_chain_files
|
||||
#SMART EITHER these three
|
||||
#SMART smtp_tls_security_level = verify
|
||||
#SMART smtp_tls_CAfile = /etc/ssl/cert.pem
|
||||
#SMART smtp_tls_scert_verifydepth = 9
|
||||
#SMART OR these two
|
||||
#SMART smtp_tls_security_level = fingerprint
|
||||
#SMART smtp_tls_fingerprint_cert_match = FINGERPRINT
|
||||
# The following is not tested, really, and may not work with default config
|
||||
#SMART disable_dns_lookups = yes
|
||||
#SMART Authentication like that not tried, this from postfix SASL_README:
|
||||
#smtp_sasl_auth_enable = yes
|
||||
#smtp_sasl_tls_security_options = noanonymous
|
||||
#smtp_sasl_password_maps = lmdb:$meta_directory/sasl_passwd
|
||||
# $meta_directory/sasl_passwd:
|
||||
# # destination credentials
|
||||
# #user1@example.com username1:password1
|
||||
# #user2@example.net username2:password2
|
||||
# [mail.isp.example] username:password
|
||||
# # Alternative form:
|
||||
# # [mail.isp.example]:submission username:password
|
||||
#SMART Even sender-specific, uncomment the user1 user2 entries above then
|
||||
# sender_dependent_relayhost_maps = lmdb:$meta_directory/sender_relay
|
||||
# $meta_directory/sender_relay:
|
||||
# # Per-sender provider; see also $meta_directory/sasl_passwd.
|
||||
# user1@example.com [mail.example.com]:submission
|
||||
# user2@example.net [mail.example.net]
|
||||
|
||||
# Permanently (to _destinations) instead if this is "no"
|
||||
smtp_connection_cache_on_demand = yes
|
||||
# $relayhost WITHOUT [] and : etc.!!
|
||||
smtp_connection_cache_destinations = $relayhost
|
||||
smtp_connection_cache_time_limit = 10s
|
||||
smtp_connection_reuse_count_limit = 242
|
@ -1,37 +0,0 @@
|
||||
--- master.cf.orig 2022-06-08 22:53:27.956225130 +0200
|
||||
+++ master.cf 2022-06-08 22:56:16.596225800 +0200
|
||||
@@ -10,6 +10,20 @@
|
||||
# (yes) (yes) (no) (never) (100)
|
||||
# ==========================================================================
|
||||
smtp inet n - n - - smtpd
|
||||
+#TLS Does: STARTTLS on :25, enforced STARTTLS on :587, always TLS on :465
|
||||
+#TLS -o smtpd_tls_security_level=may
|
||||
+#TLS -o smtpd_sasl_auth_enable=no
|
||||
+#TLS submission inet n - n - - smtpd
|
||||
+#TLS -o syslog_name=postfix/submission
|
||||
+#TLS -o smtpd_tls_security_level=encrypt
|
||||
+#TLS -o smtpd_sasl_auth_enable=yes
|
||||
+#TLS # This was SMTPS aka :465. I use it as that.
|
||||
+#TLS submissions inet n - n - - smtpd
|
||||
+#TLS -o syslog_name=postfix/submissions
|
||||
+#TLS -o smtpd_tls_wrappermode=yes
|
||||
+#TLS -o smtpd_sasl_auth_enable=no
|
||||
+tlsproxy unix - - n - 0 tlsproxy
|
||||
+ -o tlsproxy_tls_security_level=encrypt
|
||||
#smtp inet n - n - 1 postscreen
|
||||
#smtpd pass - - n - - smtpd
|
||||
#dnsblog unix - - n - 0 dnsblog
|
||||
@@ -86,7 +100,12 @@
|
||||
# agent. See the pipe(8) man page for information about ${recipient}
|
||||
# and other message envelope options.
|
||||
# ====================================================================
|
||||
-#
|
||||
+
|
||||
+#GRAY
|
||||
+#GRAY postgray unix - n n - - spawn
|
||||
+#GRAY
|
||||
+#GRAY user=_postfix_xlocal argv=/usr/libexec/s-postgray -c0 -R /etc/postfix-lmdb/pg.rc
|
||||
+
|
||||
# maildrop. See the Postfix MAILDROP_README file for details.
|
||||
# Also specify in main.cf: maildrop_destination_recipient_limit=1
|
||||
#
|
@ -1,58 +0,0 @@
|
||||
#!/bin/sh -
|
||||
|
||||
name=postfix-lmdb
|
||||
|
||||
# owner
|
||||
usr=postfix
|
||||
usrgrp=${usr}
|
||||
# group for mail submission and queue
|
||||
queuegrp=_postfix_queue
|
||||
# Default rights used by the local delivery agent for delivery
|
||||
# to external file, used in absence of a recipient user context.
|
||||
# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
|
||||
defusr=_postfix_xlocal
|
||||
defgrp=${defusr}
|
||||
|
||||
getent group mail >/dev/null || groupadd -r mail
|
||||
|
||||
getent group ${usrgrp} >/dev/null || groupadd -r ${usrgrp}
|
||||
getent passwd ${usr} >/dev/null 2>&1 || {
|
||||
useradd -r -g ${usrgrp} -d /var/spool/${name} -s /bin/false ${usr}
|
||||
passwd -l ${usr}
|
||||
}
|
||||
|
||||
getent group ${queuegrp} >/dev/null || groupadd -r ${queuegrp}
|
||||
|
||||
getent group ${defgrp} >/dev/null || groupadd -r ${defgrp}
|
||||
getent passwd ${defusr} >/dev/null 2>&1 || {
|
||||
useradd -r -g ${defgrp} -d /var/spool/mail -s /sbin/nologin ${defusr}
|
||||
passwd -l ${defusr}
|
||||
}
|
||||
|
||||
p_i() {
|
||||
/usr/lib/${name}/post-install \
|
||||
install_root= \
|
||||
command_directory=/usr/sbin \
|
||||
config_directory=/etc/${name} \
|
||||
daemon_directory=/usr/lib/${name} \
|
||||
data_directory=/var/lib/${name} \
|
||||
html_directory=no \
|
||||
mail_spool_directory=/var/spool/mail \
|
||||
manpage_directory=/usr/share/man \
|
||||
meta_directory=/etc/${name} \
|
||||
queue_directory=/var/spool/${name} \
|
||||
readme_directory=no \
|
||||
shlib_directory=/usr/lib/${name} \
|
||||
"${@}"
|
||||
}
|
||||
|
||||
p_i create-missing
|
||||
p_i upgrade-permissions
|
||||
|
||||
/usr/sbin/postalias /etc/${name}/aliases
|
||||
|
||||
/usr/sbin/postmap lmdb:/etc/${name}/relay_clientcerts
|
||||
|
||||
/usr/sbin/postmap lmdb:/etc/${name}/client_restrict
|
||||
/usr/sbin/postmap lmdb:/etc/${name}/sender_access
|
||||
/usr/sbin/postmap lmdb:/etc/${name}/sender_restrict
|
@ -1,11 +0,0 @@
|
||||
--- a/postfix-install
|
||||
+++ b/postfix-install
|
||||
@@ -832,7 +832,7 @@
|
||||
# the wrong place when Postfix is being upgraded.
|
||||
|
||||
case "$mail_version" in
|
||||
-"") mail_version="`bin/postconf -dhx mail_version`" || exit 1
|
||||
+"") mail_version="`bin/postconf -c $CONFIG_DIRECTORY -dhx mail_version`" || exit 1
|
||||
esac
|
||||
|
||||
# Undo MAIL_VERSION expansion at the end of a parameter value. If
|
@ -1,38 +0,0 @@
|
||||
#!/bin/sh
|
||||
#@ /etc/rc.d/postfix: start/stop postfix daemon
|
||||
|
||||
PROG=/usr/sbin/postfix
|
||||
OPTS=
|
||||
|
||||
case "${1}" in
|
||||
check)
|
||||
exec ${PROG} ${OPTS} check
|
||||
;;
|
||||
start)
|
||||
exec ${PROG} ${OPTS} start
|
||||
;;
|
||||
stop)
|
||||
exec ${PROG} ${OPTS} stop
|
||||
;;
|
||||
restart)
|
||||
"${0}" stop
|
||||
exec "${0}" start
|
||||
;;
|
||||
reload)
|
||||
exec ${PROG} ${OPTS} reload
|
||||
;;
|
||||
abort)
|
||||
exec ${PROG} ${OPTS} abort
|
||||
;;
|
||||
flush)
|
||||
exec ${PROG} ${OPTS} flush
|
||||
;;
|
||||
status)
|
||||
exec ${PROG} ${OPTS} status
|
||||
;;
|
||||
*)
|
||||
echo "usage: ${0} check|start|stop|restart|reload|abort|flush|status"
|
||||
;;
|
||||
esac
|
||||
|
||||
# s-sh-mode
|
@ -1,5 +0,0 @@
|
||||
# FINGERPRINT any value
|
||||
# openssl x509 -noout -sha256 -fingerprint < CERT.pem
|
||||
# OR
|
||||
# openssl x509 -outform DER -in CERT.pem | openssl dgst -sha256 -c
|
||||
|
@ -1,3 +0,0 @@
|
||||
# See access(5) for format (REJECT,OK,HOLD,DUNNO)
|
||||
|
||||
crux.nu OK
|
@ -1,3 +0,0 @@
|
||||
# See access(5) for format (REJECT,OK,HOLD,DUNNO)
|
||||
|
||||
qq.com reject
|
Loading…
Reference in New Issue
Block a user