postfix/postfix-main.cf.patch


Index: conf/main.cf
===================================================================
--- conf/main.cf.orig
+++ conf/main.cf
@@ -285,7 +285,7 @@ unknown_local_recipient_reject_code = 55
#
#mynetworks = 168.100.3.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
-#mynetworks = hash:/etc/postfix/network_table
+#mynetworks = lmdb:/etc/postfix/network_table
# The relay_domains parameter restricts what destinations this system will
# relay mail to. See the smtpd_relay_restrictions and
@@ -352,7 +352,7 @@ unknown_local_recipient_reject_code = 55
# In the left-hand side, specify an @domain.tld wild-card, or specify
# a user@domain.tld address.
#
-#relay_recipient_maps = hash:/etc/postfix/relay_recipients
+#relay_recipient_maps = lmdb:/etc/postfix/relay_recipients
# INPUT RATE CONTROL
#
@@ -407,8 +407,8 @@ unknown_local_recipient_reject_code = 55
# "postfix reload" to eliminate the delay.
#
#alias_maps = dbm:/etc/aliases
-#alias_maps = hash:/etc/aliases
-#alias_maps = hash:/etc/aliases, nis:mail.aliases
+#alias_maps = lmdb:/etc/aliases
+#alias_maps = lmdb:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases
# The alias_database parameter specifies the alias database(s) that
@@ -418,8 +418,8 @@ unknown_local_recipient_reject_code = 55
#
#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
-#alias_database = hash:/etc/aliases
-#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
+#alias_database = lmdb:/etc/aliases
+#alias_database = lmdb:/etc/aliases, lmdb:/opt/majordomo/aliases
# ADDRESS EXTENSIONS (e.g., user+foo)
#
@@ -576,6 +576,7 @@ unknown_local_recipient_reject_code = 55
#
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
+smtpd_banner = $myhostname ESMTP
# PARALLEL DELIVERY TO THE SAME DESTINATION
#
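Review bot: The newly active `smtpd_banner = $myhostname ESMTP` line sits directly under the commented upstream examples with no comment explaining why the packaged default departs from them. A short comment above it would help, for example `# Do not advertise $mail_name / $mail_version in the greeting; this limits version fingerprinting but is not a substitute for patching.` Without it, an admin comparing against the upstream file may re-enable the `($mail_version)` variant without realising the omission was deliberate.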
@@ -682,4 +683,165 @@ sample_directory =
# readme_directory: The location of the Postfix README files.
#
readme_directory =
+
+############################################################
+#
+# before changing values manually consider editing
+# /etc/sysconfig/postfix
+# and run
+# config.postfix
+#
+# if you miss a feature of config.postfix then just send a
+# mail to chris@computersalat.de
+# patches for new feature(s) are also welcome :)
+#
+############################################################
+
+biff = no
+content_filter =
+delay_warning_time = 0h
+smtp_dns_support_level = enabled
+disable_mime_output_conversion = no
+disable_vrfy_command = yes
+inet_interfaces = all
inet_protocols = ipv4
+masquerade_classes = envelope_sender, header_sender, header_recipient
+masquerade_domains =
+masquerade_exceptions =
+mydestination = $myhostname, localhost.$mydomain, localhost
+myhostname =
+mynetworks_style = subnet
+relayhost =
+
+alias_maps =
+canonical_maps =
+relocated_maps =
+sender_canonical_maps =
+transport_maps =
+mail_spool_directory = /var/mail
+message_strip_characters =
+defer_transports =
+mailbox_command =
+mailbox_transport =
+mailbox_size_limit = 0
+message_size_limit = 0
+strict_8bitmime = no
+strict_rfc821_envelopes = no
+smtpd_delay_reject = yes
+smtpd_helo_required = no
+
+smtpd_client_restrictions =
+
+smtpd_helo_restrictions =
+
+smtpd_sender_restrictions =
+
+smtpd_recipient_restrictions =
+
+
+######################################################################
+# SMTP Smuggling (CVE-2023-51764)
+# no: allows SMTP smuggling
+# yes / normalize :
+# but allow local clients with non-standard SMTP implementations
+# such as netcat, fax machines, or load balancer health checks.
+# reject:
+# rejects a command or message that contains a bare newline
+######################################################################
+smtpd_forbid_bare_newline = normalize
+smtpd_forbid_bare_newline_exclusions = $mynetworks
+#smtpd_forbid_bare_newline_reject_code = 521
+
+############################################################
+# SASL stuff
+############################################################
+smtp_sasl_auth_enable = no
+smtp_sasl_security_options =
+smtp_sasl_password_maps =
+smtpd_sasl_auth_enable = no
+# cyrus : smtpd_sasl_type = cyrus
+# smtpd_sasl_path = smtpd
+# dovecot : smtpd_sasl_type = dovecot
+# smtpd_sasl_path = private/auth
+smtpd_sasl_type = cyrus
+smtpd_sasl_path = smtpd
+############################################################
+# TLS stuff
+############################################################
+#tls_append_default_CA = no
+relay_clientcerts =
+#tls_random_source = dev:/dev/urandom
+
+smtp_use_tls = no
+#smtp_tls_loglevel = 0
+smtp_enforce_tls = no
+smtp_tls_security_level =
+smtp_tls_CAfile =
+smtp_tls_CApath =
+smtp_tls_cert_file =
+smtp_tls_key_file =
+#smtp_tls_policy_maps = lmdb:/etc/postfix/tls_policy
+#smtp_tls_session_cache_timeout = 3600s
+smtp_tls_session_cache_database =
+
+smtpd_use_tls = no
+#smtpd_tls_loglevel = 0
+smtpd_enforce_tls = no
+smtpd_tls_security_level =
+smtpd_tls_CAfile =
+smtpd_tls_CApath =
+smtpd_tls_cert_file =
+smtpd_tls_key_file =
+smtpd_tls_ask_ccert = no
+smtpd_tls_exclude_ciphers = RC4
+smtpd_tls_received_header = no
+############################################################
+# OpenDKIM
+############################################################
+#smtpd_milters = unix:/run/opendkim/opendkim.sock
+#non_smtpd_milters = $smtpd_milters
+#milter_default_action = accept
+#milter_protocol = 2
+############################################################
+# Start MySQL from postfixwiki.org
+############################################################
+relay_domains = $mydestination, lmdb:/etc/postfix/relay
+#relay_recipient_maps = lmdb:/etc/postfix/relay_recipients
+#virtual_alias_domains =
+#virtual_alias_maps = lmdb:/etc/postfix/virtual
+#virtual_uid_maps = static:303
+#virtual_gid_maps = static:303
+#virtual_minimum_uid = 303
+#virtual_mailbox_base = /srv/maildirs
+#virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
+#virtual_mailbox_limit = 0
+#virtual_mailbox_limit_inbox = no
+#virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
+## For dovecot LMTP replace 'virtual' with 'lmtp:unix:private/dovecot-lmtp'
+#virtual_transport = virtual
+## Additional for quota support
+#virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
+#virtual_mailbox_limit_override = yes
+### Needs Maildir++ compatible IMAP servers, like Courier-IMAP
+#virtual_maildir_filter = yes
+#virtual_maildir_filter_maps = lmdb:/etc/postfix/vfilter
+#virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
+#virtual_maildir_limit_message_maps = lmdb:/etc/postfix/vmsg
+#virtual_overquota_bounce = yes
+#virtual_trash_count = yes
+#virtual_trash_name = ".Trash"
+############################################################
+# End MySQL from postfixwiki.org
+############################################################
+# Rewrite reject codes
+############################################################
+#unknown_address_reject_code = 550
+#unknown_client_reject_code = 550
+#unknown_hostname_reject_code = 550
+#unverified_recipient_reject_code = 550
+#unverified_sender_reject_code = 550
+#soft_bounce = yes
+############################################################
+#debug_peer_list = example.com
+#debug_peer_level = 3
+
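Review bot: `smtpd_forbid_bare_newline_exclusions = $mynetworks` together with `mynetworks_style = subnet` (set earlier in this hunk) exempts every host on the server's attached subnets from the CVE-2023-51764 bare-newline handling, not just the local machine. The same list is what `permit_mynetworks` consults, so the exemption is as wide as the relay trust. Unless config.postfix rewrites these values from /etc/sysconfig/postfix (not visible in this patch), consider shipping `mynetworks_style = host`, or narrowing the exclusion list to the specific clients that need it. The comment block above the setting also leaves the `yes / normalize :` entry without its own description before the `but allow local clients` line. A line such as `#      require the standard <CR><LF>.<CR><LF> end-of-data sequence,` would complete it.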