geiststreicher/main.cf Secret

## main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

mynetworks = localhost 127.0.0.0/8 192.168.100.0/24 [::ffff:127.0.0.0]/104 [::1]/128

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# SASL Zeug SERVER
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous

# TLS parameters SERVER
tls_random_source = dev:/dev/urandom
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_received_header = yes
smtpd_tls_cert_file = /etc/postfix/tlscert/sacnic-net-cert.pem
smtpd_tls_key_file = /etc/postfix/tlscert/sacnic-net-key.pem
smtpd_tls_CAfile = /etc/postfix/tlscert/sacnic-net-cacert.pem
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_recipient_restrictions =
  #allow anyone sending to us:
  permit_auth_destination
  #otherwise, allow authenticated connections from localhost
  check_client_access hash:/etc/postfix/access_client
  #otherwise, demand both authentication and encryption:
  reject_plaintext_session
  permit_sasl_authenticated
  reject

# SASL Zeug CLIENT
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtp_sasl_security_options = noanonymous, noplaintext
smtp_sasl_tls_security_options = noanonymous
smtp_sender_dependent_authentication = yes
#broken_sasl_auth_clients = yes

# TLS paramters CLIENT
smtp_tls_security_level = may
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = server.sacnic-net.de
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
smtp_generic_maps = hash:/etc/postfix/generic
myorigin = /etc/mailname
mydestination = server.sacnic-net.de, localhost.sacnic-net.de, localhost, sacnic-net.de
relayhost =
sender_dependent_relayhost_maps = hash:/etc/postfix/relayhosts
mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4

## master.cf
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
  -o content_filter=spamfilter
#smtp      inet  n       -       -       -       1       postscreen
#smtpd     pass  -       -       -       -       -       smtpd
#scan	   unix  -	 -	 n	 -	 3	 smtp
#  -o smtp_send_xforward_command=yes
#  -o disable_mime_output_conversion=yes
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy
#submission inet n       -       -       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       -       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix	-	n	n	-	2	pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
#
# ==================================================================
#
# Spamassassin configuration of spampd
#
# ==================================================================
#
#localhost:10026	inet	n	-	n	-	3	smtpd
#	-o content_filter=
#        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
#        -o smtpd_helo_restrictions=
#        -o smtpd_client_restrictions=
#        -o smtpd_sender_restrictions=
#        -o smtpd_recipient_restrictions=permit_mynetworks,reject
#        -o mynetworks=127.0.0.0/8
#        -o smtpd_authorized_xforward_hosts=127.0.0.0/8

#
# ==================================================================
#
# Spamassassin configuration of spamd/spamc
#
# ==================================================================
#
spamfilter	unix	-	n	n	-	-	pipe
  flags=Rq user=debian-spamd argv=/usr/bin/spamc -u $user -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

## relayhosts
@googlemail.com		[smtp.gmail.com]:587
@gmail.com			[smtp.gmail.com]:587
@gmx.de				[mail.gmx.net]:587
@gmx.net			[mail.gmx.net]:587
someone@live.de		[smtp.live.com]:587
anotherone@live.de	[smtp.live.com]:587
@web.de				[smtp.web.de]
@geiststreicher.org	[triangulum.uberspace.de]:587

## sasl_passwd
[smtp.gmail.com]:587			user@googlemail.com:password
[mail.gmx.net]:587				user:password
someone@live.de					someone@live.de:someonesPassword
anotherone@live.de				anotherone@live.de:anotheronesPassword
[triangulum.uberspace.de]:587	user:password
	# See /usr/share/postfix/main.cf.dist for a commented, more complete version


	# Debian specific: Specifying a file name will cause the first
	# line of that file to be used as the name. The Debian default
	# is /etc/mailname.
	#myorigin = /etc/mailname

	mynetworks = localhost 127.0.0.0/8 192.168.100.0/24 [::ffff:127.0.0.0]/104 [::1]/128

	smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
	biff = no

	# appending .domain is the MUA's job.
	append_dot_mydomain = no

	# Uncomment the next line to generate "delayed mail" warnings
	#delay_warning_time = 4h

	readme_directory = no

	# SASL Zeug SERVER
	smtpd_sasl_type = dovecot
	smtpd_sasl_path = private/auth
	smtpd_sasl_auth_enable = yes
	smtpd_sasl_security_options = noanonymous
	smtpd_sasl_tls_security_options = noanonymous

	# TLS parameters SERVER
	tls_random_source = dev:/dev/urandom
	smtpd_tls_loglevel = 1
	smtpd_tls_security_level = may
	smtpd_tls_received_header = yes
	smtpd_tls_cert_file = /etc/postfix/tlscert/sacnic-net-cert.pem
	smtpd_tls_key_file = /etc/postfix/tlscert/sacnic-net-key.pem
	smtpd_tls_CAfile = /etc/postfix/tlscert/sacnic-net-cacert.pem
	smtpd_use_tls=yes
	smtpd_tls_auth_only = yes
	smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
	smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

	smtpd_recipient_restrictions =
	#allow anyone sending to us:
	permit_auth_destination
	#otherwise, allow authenticated connections from localhost
	check_client_access hash:/etc/postfix/access_client
	#otherwise, demand both authentication and encryption:
	reject_plaintext_session
	permit_sasl_authenticated
	reject

	# SASL Zeug CLIENT
	smtp_sasl_auth_enable = yes
	smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
	smtp_sasl_security_options = noanonymous, noplaintext
	smtp_sasl_tls_security_options = noanonymous
	smtp_sender_dependent_authentication = yes
	#broken_sasl_auth_clients = yes

	# TLS paramters CLIENT
	smtp_tls_security_level = may
	smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

	# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
	# information on enabling SSL in the smtp client.

	myhostname = server.sacnic-net.de
	alias_maps = hash:/etc/aliases
	alias_database = hash:/etc/aliases
	smtp_generic_maps = hash:/etc/postfix/generic
	myorigin = /etc/mailname
	mydestination = server.sacnic-net.de, localhost.sacnic-net.de, localhost, sacnic-net.de
	relayhost =
	sender_dependent_relayhost_maps = hash:/etc/postfix/relayhosts
	mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"
	mailbox_size_limit = 0
	recipient_delimiter = +
	inet_interfaces = all
	inet_protocols = ipv4
	#
	# Postfix master process configuration file. For details on the format
	# of the file, see the master(5) manual page (command: "man 5 master").
	#
	# Do not forget to execute "postfix reload" after editing this file.
	#
	# ==========================================================================
	# service type private unpriv chroot wakeup maxproc command + args
	# (yes) (yes) (yes) (never) (100)
	# ==========================================================================
	smtp inet n - - - - smtpd
	-o content_filter=spamfilter
	#smtp inet n - - - 1 postscreen
	#smtpd pass - - - - - smtpd
	#scan unix - - n - 3 smtp
	# -o smtp_send_xforward_command=yes
	# -o disable_mime_output_conversion=yes
	#dnsblog unix - - - - 0 dnsblog
	#tlsproxy unix - - - - 0 tlsproxy
	#submission inet n - - - - smtpd
	# -o syslog_name=postfix/submission
	# -o smtpd_tls_security_level=encrypt
	# -o smtpd_sasl_auth_enable=yes
	# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
	# -o milter_macro_daemon_name=ORIGINATING
	#smtps inet n - - - - smtpd
	# -o syslog_name=postfix/smtps
	# -o smtpd_tls_wrappermode=yes
	# -o smtpd_sasl_auth_enable=yes
	# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
	# -o milter_macro_daemon_name=ORIGINATING
	#628 inet n - - - - qmqpd
	pickup fifo n - - 60 1 pickup
	cleanup unix n - - - 0 cleanup
	qmgr fifo n - n 300 1 qmgr
	#qmgr fifo n - n 300 1 oqmgr
	tlsmgr unix - - - 1000? 1 tlsmgr
	rewrite unix - - - - - trivial-rewrite
	bounce unix - - - - 0 bounce
	defer unix - - - - 0 bounce
	trace unix - - - - 0 bounce
	verify unix - - - - 1 verify
	flush unix n - - 1000? 0 flush
	proxymap unix - - n - - proxymap
	proxywrite unix - - n - 1 proxymap
	smtp unix - - - - - smtp
	relay unix - - - - - smtp
	# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
	showq unix n - - - - showq
	error unix - - - - - error
	retry unix - - - - - error
	discard unix - - - - - discard
	local unix - n n - - local
	virtual unix - n n - - virtual
	lmtp unix - - - - - lmtp
	anvil unix - - - - 1 anvil
	scache unix - - - - 1 scache
	#
	# ====================================================================
	# Interfaces to non-Postfix software. Be sure to examine the manual
	# pages of the non-Postfix software to find out what options it wants.
	#
	# Many of the following services use the Postfix pipe(8) delivery
	# agent. See the pipe(8) man page for information about ${recipient}
	# and other message envelope options.
	# ====================================================================
	#
	# maildrop. See the Postfix MAILDROP_README file for details.
	# Also specify in main.cf: maildrop_destination_recipient_limit=1
	#
	maildrop unix - n n - - pipe
	flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
	#
	# ====================================================================
	#
	# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
	#
	# Specify in cyrus.conf:
	# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
	#
	# Specify in main.cf one or more of the following:
	# mailbox_transport = lmtp:inet:localhost
	# virtual_transport = lmtp:inet:localhost
	#
	# ====================================================================
	#
	# Cyrus 2.1.5 (Amos Gouaux)
	# Also specify in main.cf: cyrus_destination_recipient_limit=1
	#
	#cyrus unix - n n - - pipe
	# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
	#
	# ====================================================================
	# Old example of delivery via Cyrus.
	#
	#old-cyrus unix - n n - - pipe
	# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
	#
	# ====================================================================
	#
	# See the Postfix UUCP_README file for configuration details.
	#
	uucp unix - n n - - pipe
	flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
	#
	# Other external delivery methods.
	#
	ifmail unix - n n - - pipe
	flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
	bsmtp unix - n n - - pipe
	flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
	scalemail-backend unix - n n - 2 pipe
	flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
	mailman unix - n n - - pipe
	flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
	${nexthop} ${user}
	#
	# ==================================================================
	#
	# Spamassassin configuration of spampd
	#
	# ==================================================================
	#
	#localhost:10026 inet n - n - 3 smtpd
	# -o content_filter=
	# -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
	# -o smtpd_helo_restrictions=
	# -o smtpd_client_restrictions=
	# -o smtpd_sender_restrictions=
	# -o smtpd_recipient_restrictions=permit_mynetworks,reject
	# -o mynetworks=127.0.0.0/8
	# -o smtpd_authorized_xforward_hosts=127.0.0.0/8

	#
	# ==================================================================
	#
	# Spamassassin configuration of spamd/spamc
	#
	# ==================================================================
	#
	spamfilter unix - n n - - pipe
	flags=Rq user=debian-spamd argv=/usr/bin/spamc -u $user -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
	@googlemail.com [smtp.gmail.com]:587
	@gmail.com [smtp.gmail.com]:587
	@gmx.de [mail.gmx.net]:587
	@gmx.net [mail.gmx.net]:587
	someone@live.de [smtp.live.com]:587
	anotherone@live.de [smtp.live.com]:587
	@web.de [smtp.web.de]
	@geiststreicher.org [triangulum.uberspace.de]:587
	[smtp.gmail.com]:587 user@googlemail.com:password
	[mail.gmx.net]:587 user:password
	someone@live.de someone@live.de:someonesPassword
	anotherone@live.de anotherone@live.de:anotheronesPassword
	[triangulum.uberspace.de]:587 user:password