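--- a/conf/main.cf
+++ b/conf/main.cf
@@ -576,6 +576,7 @@ unknown_local_recipient_reject_code = 55
 #
 #smtpd_banner = $myhostname ESMTP $mail_name
 #smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
+smtpd_banner = $myhostname ESMTP
 
 # PARALLEL DELIVERY TO THE SAME DESTINATION
 #
@@ -682,4 +683,165 @@ sample_directory =
 # readme_directory: The location of the Postfix README files.
 #
 readme_directory =
+
+############################################################
+#
+# before changing values manually consider editing
+# /etc/sysconfig/postfix
+# and run
+# config.postfix
+#
+# if you miss a feature of config.postfix then just send a
+# mail to chris@computersalat.de
+# patches for new feature(s) are also welcome :)
+#
+############################################################
+
+biff = no
+content_filter = 
+delay_warning_time = 0h
+disable_dns_lookups = no
+disable_mime_output_conversion = no
+disable_vrfy_command = yes
+inet_interfaces = all
 inet_protocols = ipv4
+masquerade_classes = envelope_sender, header_sender, header_recipient
+masquerade_domains = 
+masquerade_exceptions = 
+mydestination = $myhostname, localhost.$mydomain, localhost
+myhostname = 
+mynetworks_style = subnet
+relayhost = 
+
+alias_maps = 
+canonical_maps = 
+relocated_maps = 
+sender_canonical_maps = 
+transport_maps = 
+mail_spool_directory = /var/mail
+message_strip_characters = 
+defer_transports = 
+mailbox_command = 
+mailbox_transport = 
+mailbox_size_limit = 0
+message_size_limit = 0
+strict_8bitmime = no
+strict_rfc821_envelopes = no
+smtpd_delay_reject = yes
+smtpd_helo_required = no
+
+smtpd_client_restrictions = 
+
+smtpd_helo_restrictions = 
+
+smtpd_sender_restrictions = 
+
+smtpd_recipient_restrictions = 
+
+
+######################################################################
+# SMTP Smuggling (CVE-2023-51764)
+# no: allows SMTP smuggling
+# yes / normalize :
+# but allow local clients with non-standard SMTP implementations
+# such as netcat, fax machines, or load balancer health checks.
+# reject:
+# rejects a command or message that contains a bare newline
+######################################################################
+smtpd_forbid_bare_newline = normalize
+smtpd_forbid_bare_newline_exclusions = $mynetworks
+#smtpd_forbid_bare_newline_reject_code = 521
+
+############################################################
+# SASL stuff
+############################################################
+smtp_sasl_auth_enable = no
+smtp_sasl_security_options = 
+smtp_sasl_password_maps = 
+smtpd_sasl_auth_enable = no
+# cyrus : smtpd_sasl_type = cyrus
+# smtpd_sasl_path = smtpd
+# dovecot : smtpd_sasl_type = dovecot
+# smtpd_sasl_path = private/auth
+smtpd_sasl_type = cyrus
+smtpd_sasl_path = smtpd
+############################################################
+# TLS stuff
+############################################################
+#tls_append_default_CA = no
+relay_clientcerts = 
+#tls_random_source = dev:/dev/urandom
+
+smtp_use_tls = no
+#smtp_tls_loglevel = 0
+smtp_enforce_tls = no
+smtp_tls_security_level = 
+smtp_tls_CAfile = 
+smtp_tls_CApath = 
+smtp_tls_cert_file = 
+smtp_tls_key_file = 
+#smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
+#smtp_tls_session_cache_timeout = 3600s
+smtp_tls_session_cache_database = 
+
+smtpd_use_tls = no
+#smtpd_tls_loglevel = 0
+smtpd_enforce_tls = no
+smtpd_tls_security_level = 
+smtpd_tls_CAfile = 
+smtpd_tls_CApath = 
+smtpd_tls_cert_file = 
+smtpd_tls_key_file = 
+smtpd_tls_ask_ccert = no
+smtpd_tls_exclude_ciphers = RC4
+smtpd_tls_received_header = no
+############################################################
+# OpenDKIM
+############################################################
+#smtpd_milters = unix:/run/opendkim/opendkim.sock
+#non_smtpd_milters = $smtpd_milters
+#milter_default_action = accept
+#milter_protocol = 2
+############################################################
+# Start MySQL from postfixwiki.org
+############################################################
+relay_domains = $mydestination, hash:/etc/postfix/relay
+#relay_recipient_maps = hash:/etc/postfix/relay_recipients
+#virtual_alias_domains = 
+#virtual_alias_maps = hash:/etc/postfix/virtual
+#virtual_uid_maps = static:303
+#virtual_gid_maps = static:303
+#virtual_minimum_uid = 303
+#virtual_mailbox_base = /srv/maildirs
+#virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
+#virtual_mailbox_limit = 0
+#virtual_mailbox_limit_inbox = no
+#virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
+## For dovecot LMTP replace 'virtual' with 'lmtp:unix:private/dovecot-lmtp'
+#virtual_transport = virtual
+## Additional for quota support
+#virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
+#virtual_mailbox_limit_override = yes
+### Needs Maildir++ compatible IMAP servers, like Courier-IMAP
+#virtual_maildir_filter = yes
+#virtual_maildir_filter_maps = hash:/etc/postfix/vfilter
+#virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
+#virtual_maildir_limit_message_maps = hash:/etc/postfix/vmsg
+#virtual_overquota_bounce = yes
+#virtual_trash_count = yes
+#virtual_trash_name = ".Trash"
+############################################################
+# End MySQL from postfixwiki.org
+############################################################
+# Rewrite reject codes
+############################################################
+#unknown_address_reject_code = 550
+#unknown_client_reject_code = 550
+#unknown_hostname_reject_code = 550
+#unverified_recipient_reject_code = 550
+#unverified_sender_reject_code = 550
+#soft_bounce = yes
+############################################################
+#debug_peer_list = example.com
+#debug_peer_level = 3
+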
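Review bot: In the second hunk, `smtpd_forbid_bare_newline_exclusions = $mynetworks` exempts every client in `$mynetworks` from the CVE-2023-51764 handling, and `mynetworks_style = subnet` earlier in the same hunk makes that every host on the attached subnets rather than only the local machine. The comment block above the setting does not say this: the `yes / normalize` entry starts mid-sentence at `but allow local clients`, so its first line appears to be missing. I would restore a leading line such as `# require the standard <CR><LF>.<CR><LF> end-of-data and treat bare <LF> as <CR><LF>,` and add `# NOTE: clients in $mynetworks are exempt - keep mynetworks as narrow as possible` directly above the exclusions line. In the TLS block, `smtp_use_tls`, `smtp_enforce_tls`, `smtpd_use_tls` and `smtpd_enforce_tls` are legacy parameters, set here to `no` beside empty `*_tls_security_level` values, and `smtpd_tls_exclude_ciphers = RC4` is the only cipher restriction. If config.postfix is expected to overwrite these, a one-line comment saying so would prevent the file being deployed as is with cleartext-only SMTP.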